Hello, I just want to share this info for blocking DNS amplification attacks:

http://wiki.opennicproject.org/Tier2Security
https://gist.github.com/guerrerocarlos/5171614
http://www.junkemailfilter.com/blog/2013/03/03/how-to-block-dns-amplification-attack-isc-org-any-attack/

Merry Christmas!

On Fri, Dec 18, 2015 at 3:21 PM, Josh Sanders <faci...@gmail.com> wrote:
> Thanks for your reply Bert,
>
> I am trying the iptables rules for stopping "questions"
> -m string --hex-string "|0000ff0001|" and not allowing
> to overload my small DNSs.
>
> On Fri, Dec 18, 2015 at 3:01 PM, bert hubert <bert.hub...@powerdns.com> wrote:
>
>> On Fri, Dec 18, 2015 at 02:50:22PM -0600, Josh Sanders wrote:
>> > Remote xxx.xxx.xxx.www wants 'domainD.com|ANY', do = 0, bufsize = 1680: packetcache MISS
>> >
>> > As you may see, 'any-to-tcp=yes' seems to be not working so far ...
>>
>> Can you tcpdump? They could simply be asking the question, doesn't mean they
>> have to *respect* your TC=1 answer. Since that is all we can do, set TC=1.
>> It does not stop the questions!
>>
>> We do provide a really small answer that way, which stops the amplification
>> from working.
>>
>> Bert
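The thread above turns on two mechanisms: the iptables `--hex-string "|0000ff0001|"` match (the qname terminator followed by QTYPE ANY = 255 and QCLASS IN = 1) and the TC=1 answer that `any-to-tcp=yes` produces, which keeps the UDP reply as small as the query so the amplification ratio collapses to about 1. The script below is an added illustration written for this page, not code from the thread or from PowerDNS; the `domainD.com` query it builds is a constructed sample. It shows that the raw byte pattern and a proper question-section parse agree on a well-formed ANY query, and measures the amplification factor of a truncated reply, which is what Bert's point about "a really small answer" amounts to.

```python
import struct

# Byte pattern used by the iptables rule in the thread:
# 0x00 (end of qname) + 0x00ff (QTYPE ANY) + 0x0001 (QCLASS IN).
ANY_PATTERN = bytes.fromhex("0000ff0001")

QTYPE_ANY = 255
QCLASS_IN = 1

FLAG_QR = 0x8000  # response
FLAG_TC = 0x0200  # truncated: "retry over TCP"
FLAG_RD = 0x0100  # recursion desired


def build_query(qname, qtype, qclass=QCLASS_IN, txid=0x1234):
    """Build a minimal DNS query (constructed sample, one question, no EDNS)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    labels = b"".join(
        struct.pack("!B", len(label)) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, qclass)


def parse_question(packet):
    """Parse header + first question; returns (qname, qtype, qclass)."""
    _, _, qdcount, _, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if qdcount < 1:
        raise ValueError("no question section")
    offset = 12
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in query name")
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    qtype, qclass = struct.unpack("!HH", packet[offset:offset + 4])
    return ".".join(labels), qtype, qclass


def is_any_query(packet):
    """Position-aware check: the question really is ANY/IN."""
    _, qtype, qclass = parse_question(packet)
    return qtype == QTYPE_ANY and qclass == QCLASS_IN


def hexstring_rule_matches(packet):
    """What the iptables string match does: pattern anywhere in the payload."""
    return ANY_PATTERN in packet


def truncated_reply(query):
    """Reply the way a server with any-to-tcp=yes does: echo the question,
    set QR and TC, carry no records. The client must retry over TCP."""
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    rflags = FLAG_QR | FLAG_TC | (flags & FLAG_RD)
    return struct.pack("!HHHHHH", txid, rflags, qdcount, 0, 0, 0) + query[12:]


def amplification_factor(query, reply):
    """Bytes sent to the (possibly spoofed) source per byte received."""
    return len(reply) / len(query)


if __name__ == "__main__":
    q_any = build_query("domainD.com", QTYPE_ANY)
    q_a = build_query("domainD.com", 1)
    print("ANY query: parse", is_any_query(q_any), "hex rule", hexstring_rule_matches(q_any))
    print("A   query: parse", is_any_query(q_a), "hex rule", hexstring_rule_matches(q_a))
    print("TC=1 amplification factor:", amplification_factor(q_any, truncated_reply(q_any)))
```

The parse-based check is the one to prefer where you can afford it (in the resolver, or in a sniffer feeding a blocklist): the string match is blind to where in the packet the bytes occur, and it cannot tell a query from a response or see whether the rest of the packet is even DNS. The TC=1 answer does not reduce the number of queries arriving, as Bert says; it only stops each one from being worth sending.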
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users