Why not disable recursion? Do you need to offer full public DNS to the world? 
(And not just for the Authoritative domains you control?)
On Mar 29, 2013, at 5:13 PM, Colin Jack <co...@mainline.co.uk> wrote:

> Hi Michael,
> 
> On 19 Mar 2013, at 01:05, Michael Stauber <mstau...@blueonyx.it> wrote:
> 
>> Hi Will,
>> 
>> Check this article on DNS related attacks:
>> 
>> http://www.topology.org/linux/iptables_dns_flood.html
>> 
>> I've had a few clients who were hit by the ANY? queries a lot, so we
>> modified the APF firewall (part of the Solarspeed security) with the
>> hints and ideas from this article.
>> 
>> In essence there are two ways of doing so. Like Gerald mentioned: You
>> can use the IPtables recent module. Which works quite well. But it's
>> also possible to use packet inspection and just discard or drop
>> excessive ANY? queries from any given source.
>> 
> 
> I have the Solarspeed Security Suite on all my servers and my APF isn't 
> blocking these little b* ...
> 
> Can I tighten it up? We have 50+ DNS connections from the same IP at the same 
> time. I would like to limit this to say 2 ;0)
> 
> Thanks
> 
> Colin
> 
> 
> 
> _______________________________________________
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
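
The per-source limit on ANY? queries discussed in this thread, sketched in Python as an added example (not code from the linked article, APF or the Solarspeed suite): it inspects the DNS question for QTYPE 255 and allows at most `max_hits` such queries per source within a sliding window. `AnyQueryLimiter`, `build_query`, `parse_question`, the limit of 2 and the 10-second window are assumptions, and the sample packets are constructed.

```python
import struct
from collections import defaultdict, deque

QTYPE_ANY = 255  # QTYPE value for "ANY" (shown as ANY? in tcpdump output)

def build_query(qname, qtype, txid=0x1234):
    """Constructed sample input: a minimal DNS query with one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(payload):
    """Return (qname, qtype) for the first question, or None if malformed."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] < 1:
        return None
    pos, labels = 12, []
    while pos < len(payload):
        n = payload[pos]
        pos += 1
        if n == 0:  # root label ends the name; QTYPE and QCLASS follow
            if pos + 4 > len(payload):
                return None
            return ".".join(labels), struct.unpack("!H", payload[pos:pos + 2])[0]
        if n > 63 or pos + n > len(payload):  # pointer or truncated label
            return None
        labels.append(payload[pos:pos + n].decode("ascii", "replace"))
        pos += n
    return None

class AnyQueryLimiter:
    """Per-source sliding window over ANY queries (hypothetical helper)."""
    def __init__(self, max_hits=2, window=10.0):
        self.max_hits, self.window = max_hits, window
        # Keep only max_hits + 1 timestamps per source so a flood cannot grow memory.
        self.seen = defaultdict(lambda: deque(maxlen=max_hits + 1))

    def allow(self, src_ip, payload, now):
        q = parse_question(payload)
        if q is None or q[1] != QTYPE_ANY:
            return True  # not an ANY query: left to the other firewall rules
        hits = self.seen[src_ip]
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        hits.append(now)  # dropped packets count too, so a steady flood stays blocked
        return len(hits) <= self.max_hits
```

Because dropped queries still refresh the window, a source that keeps flooding stays blocked until it has been quiet for the full window.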