On 02/02/2012 09:53 AM, Oliver Peter wrote:
> On Wed, Feb 01, 2012 at 05:24:50PM -0600, Mark Felder wrote:
>> On 01.02.2012 10:49, Dominick Rivard wrote:
>>> I am using Unbound to serve a public DNS server and I am looking for a way to prevent a bot or server from degrading my service by requesting the same domain name like 10 times per second. I thought of using fail2ban, but for that I need to get the IP of the requester somewhere in the log, so I tried analyzing the log and changed the verbosity of the logging with unbound-control, but I still don't find anything that I could use for this purpose.
>> On BSD I'd say use a pf rule to block the IP for a time period if X many concurrent states to port 53. Is something like that possible with iptables on Linux?
>
> That would work in a general denial of service scenario (rate limiting), but the OP wanted to block the client after X connections to the same domain, and with pf (and probably iptables) you cannot log the requested domain name; you will need some userlevel magic here.
If you set log-queries: yes then it logs: time, IP, name, type, class, and this you can maybe use as input to that userlevel script.

Best regards,
Wouter

_______________________________________________
Unbound-users mailing list
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
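A userlevel script of the kind the thread is asking for, added here as an example (it is not from the thread, from Unbound, or from fail2ban): it parses the per-query lines Unbound writes with log-queries: yes and reports clients that ask for the same name more than a limit of times inside a one-second window, which is the input a fail2ban jail or a pf/iptables table would need. The regex assumes the non-syslog log format "[unixtime] unbound[pid:tid] info: <ip> <name> <type> <class>", and the sample lines are constructed.

```python
import re
import sys
from collections import defaultdict, deque

# Shape of a query line when log-queries: yes and use-syslog: no (assumed format;
# with syslog the prefix differs, so adjust the leading part of the pattern).
QUERY_RE = re.compile(
    r"\[(?P<ts>\d+)\] unbound\[[^\]]+\] info: "
    r"(?P<ip>\S+) (?P<name>\S+) (?P<qtype>\S+) (?P<qclass>\S+)$"
)


def find_repeat_offenders(lines, limit=10, window=1):
    """Return {client_ip: qname} for clients that queried one name more than
    `limit` times within any `window` seconds (sliding window per ip+name)."""
    recent = defaultdict(deque)  # (ip, name) -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # startup notices, errors, non-query lines
        ts = int(m.group("ts"))
        key = (m.group("ip"), m.group("name").lower())
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] >= window:  # drop timestamps older than the window
            q.popleft()
        if len(q) > limit:
            offenders[key[0]] = key[1]
    return offenders


# Constructed sample: one client hammers example.com 12 times in one second,
# another client sends ordinary queries; one non-query line is ignored.
SAMPLE_LOG = [
    "[1328200000] unbound[1234:0] info: 192.0.2.10 example.com. A IN"
] * 12 + [
    "[1328200000] unbound[1234:0] info: 198.51.100.7 example.org. AAAA IN",
    "[1328200001] unbound[1234:0] info: 198.51.100.7 example.net. MX IN",
    "[1328200001] unbound[1234:0] notice: sendto failed: Connection refused",
]

if __name__ == "__main__":
    # Usage: unbound-control log_queries on is not needed; set log-queries: yes
    # in unbound.conf, then pipe the log file into this script.
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG
    for ip, name in find_repeat_offenders(src).items():
        print(f"{ip} exceeded limit for {name}")  # feed this to fail2ban/pf/iptables
```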
