North American Network Operators Group
RE: DNS - connection limit (without any extra hardware)
- From: Geo.
- Date: Fri Dec 08 10:52:11 2006
I know this is kind of a crazy idea but how about
making cleaning up all these infected machines the priority as a
solution instead of defending your dns from your infected clients. They not only
affect you, they affect the rest of us so why should we give you a solution to
your problem when you don't appear to care about causing problems for the rest
a consequence of a virus diffused in my customer-base, I often receive big
bursts of traffic on my DNS servers.
Unluckily, a lot of clients start to
bomb my DNSs at a certain hour, so I have a distributed tentative of denial of
I can't blacklist them on my DNSs, because the infected clients
are too many.
For this reason, I would like that a DNS could respond
to a maximum of 10 queries per second given by every single IP address.
knows a solution, just using iptables/netfilter/kernel tuning/BIND tuning,
without using any hardware traffic shaper?
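
The per-address limit asked about in the quoted question, as an added example that is not part of the thread: a per-source token bucket (the kind of state netfilter's hashlimit match keeps per source address) replayed over constructed traffic, showing that a flooding client is capped near 10 queries per second while a normal resolver client is untouched. The class and function names, the burst size and the two documentation-range addresses are assumptions.

```python
from collections import defaultdict

RATE = 10.0   # queries per second allowed per source IP (figure from the question)
BURST = 10.0  # bucket depth; assumption, the thread gives no burst size


class PerSourceLimiter:
    """One token bucket per source address, refilled at `rate` tokens/second."""

    def __init__(self, rate=RATE, burst=BURST):
        self.rate, self.burst = rate, burst
        self.buckets = {}  # ip -> (tokens, timestamp of last query seen)

    def allow(self, ip, now):
        tokens, last = self.buckets.get(ip, (self.burst, now))
        # Refill for the time elapsed since the last query, capped at the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self.buckets[ip] = (tokens - 1.0, now)
            return True
        self.buckets[ip] = (tokens, now)  # over the limit: query is dropped
        return False


def replay(queries, limiter=None):
    """Replay (timestamp, source_ip) pairs; return {ip: [answered, dropped]}."""
    limiter = limiter or PerSourceLimiter()
    stats = defaultdict(lambda: [0, 0])
    for ts, ip in sorted(queries):
        stats[ip][0 if limiter.allow(ip, ts) else 1] += 1
    return dict(stats)


def constructed_traffic():
    """Constructed sample: 3 s of queries from two RFC 5737 test addresses."""
    infected = [(i / 200.0, "192.0.2.10") for i in range(600)]  # 200 qps flood
    normal = [(i / 2.0, "198.51.100.7") for i in range(6)]      # 2 qps client
    return infected + normal


if __name__ == "__main__":
    for ip, (ok, dropped) in sorted(replay(constructed_traffic()).items()):
        print(f"{ip:15} answered={ok:4} dropped={dropped:4}")
```

Because each source has its own bucket, the drops fall only on the address that exceeds the rate; no blacklist of infected clients has to be maintained.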