> My name servers have got many times of traffic attack. > When the large bulk of traffic is delivered to nameserver, the server > is almost dead. > For example, the attacking traffic was more than 2G to a single host sometime.
Are these your authoritative or your recursive name servers? These are different services and should run on different hosts. Your recursive name servers in most cases should *not* be available outside your network. Incoming DNS traffic to your recursive DNS servers can then be blocked at your border routers, which can hopefully do this at line rate in hardware. Steinar Haug, Nethelp consulting, sth...@nethelp.no _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users