On 01.02.2012 10:49, Dominick Rivard wrote:

I am using Unbound to serve a public DNS server and I am looking for a way to prevent a bot or server from degrading my service by requesting the same domain name like 10 times per second. I thought of using fail2ban, but for that I need to get the IP of the requester somewhere in the log, so I tried analyzing the log and changed the verbosity of the logging with unbound-control, but I still haven't found anything yet that I could use for this purpose.



On BSD I'd say use a pf rule to block the IP for a time period if X many concurrent states to port 53. Is something like that possible with iptables on Linux?

_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
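An added example (not from either poster) of the log-side check the original question is after: a small Python filter that reads Unbound query log lines, counts how often each client asks for the same name within a one-second window, and reports clients that exceed the 10-per-second figure from the question, in a form that a fail2ban action, an ipset or the pf table from the reply could consume. It assumes Unbound is run with `log-queries: yes` and that each query line has the shape `[<unix-ts>] unbound[<pid>:<tid>] info: <client-ip> <qname> <qtype> <qclass>` (that layout is an assumption here, check it against your own log before relying on the regex); the sample log lines, the `dnsabuse` table name and the `ban_commands` helper are all constructed for this example.

```python
import re
from collections import defaultdict, deque

# Assumed shape of an Unbound "log-queries: yes" line when logging to a file
# (not syslog): "[1328089740] unbound[1234:0] info: 192.0.2.10 example.com. A IN"
LOG_RE = re.compile(
    r"^\[(?P<ts>\d+)\] unbound\[\d+:\d+\] info: "
    r"(?P<ip>\S+) (?P<qname>\S+) (?P<qtype>\S+) (?P<qclass>\S+)$"
)

# Constructed sample: one client hammers example.com 12 times in the same
# second, another client behaves normally, plus one non-query log line.
SAMPLE_LOG = (
    ["[1328089740] unbound[1234:0] info: 192.0.2.10 example.com. A IN"] * 12
    + [
        "[1328089740] unbound[1234:0] info: 192.0.2.20 example.com. A IN",
        "[1328089741] unbound[1234:0] info: 192.0.2.20 nlnetlabs.nl. AAAA IN",
        "[1328089741] unbound[1234:0] info: 192.0.2.20 EXAMPLE.com. A IN",
        "[1328089742] unbound[1234:0] notice: some unrelated message",
        "[1328089745] unbound[1234:0] info: 192.0.2.10 example.com. A IN",
    ]
)


def parse_line(line):
    """Return (timestamp, client_ip, qname) for a query line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    # Names are case-insensitive, so fold case before counting.
    return int(m.group("ts")), m.group("ip"), m.group("qname").lower()


def find_offenders(lines, max_per_window=10, window=1):
    """Sliding-window count of identical (client, qname) queries.

    A client is reported once it sends more than `max_per_window` queries
    for the same name within `window` seconds. Returns {ip: (qname, peak)}.
    """
    recent = defaultdict(deque)  # (ip, qname) -> timestamps still inside the window
    offenders = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # not a query line; ignore
        ts, ip, qname = parsed
        q = recent[(ip, qname)]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) > max_per_window:
            prev = offenders.get(ip)
            if prev is None or len(q) > prev[1]:
                offenders[ip] = (qname, len(q))
    return offenders


def ban_commands(offenders, table="dnsabuse"):
    """Render offenders as pfctl table additions (table name is assumed).

    The same list could feed `ipset add <set> <ip>` for an iptables setup.
    """
    return [f"pfctl -t {table} -T add {ip}" for ip in sorted(offenders)]


if __name__ == "__main__":
    hits = find_offenders(SAMPLE_LOG)
    for ip, (name, peak) in hits.items():
        print(f"{ip}: {peak} queries/s for {name}")
    for cmd in ban_commands(hits):
        print(cmd)
```

Running it on the constructed sample reports only 192.0.2.10 (12 queries for example.com. in one second); 192.0.2.20 stays under the limit and the `notice:` line is skipped. The window and threshold are parameters so the same function can be tuned to whatever rate the server actually tolerates. On Linux the equivalent in-kernel check for UDP/53 per source address is iptables' `hashlimit` match, which answers the reply's question without going through the log at all.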
