North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: DNS - connection limit (without any extra hardware)
On Fri, 8 Dec 2006, Luke wrote: > Hi, > as a comsequence of a virus diffused in my customer-base, I often receive > big bursts of traffic on my DNS servers. > Unluckly, a lot of clients start to bomb my DNSs at a certain hour, so I > have a distributed tentative of denial of service. > I can't blacklist them on my DNSs, because the infected clients are too > much. > > For this reason, I would like that a DNS could response maximum to 10 > queries per second given by every single Ip address. > Anybody knows a solution, just using iptables/netfilter/kernel tuning/BIND > tuning, without using any hardware traffic shaper? > "I have a bots infested network, they really task my services! How can I make my services ignore them so that the clients start calling me and spending my tech support budget?" > Thanks > Best Regards > > Luke > Gadi.