What version of bind, on what OS? There may be some things you can do with iptables to limit connections
http://www.debian-administration.org/articles/187 I don't recall seeing anything native to BIND that would allow for limits per src. t. -----Original Message----- From: bind-users-bounces+tsnyder=rim....@lists.isc.org [mailto:bind-users-bounces+tsnyder=rim....@lists.isc.org] On Behalf Of Kebba Foon Sent: Tuesday, October 26, 2010 2:27 PM To: bind-users@lists.isc.org Subject: limiting number of recursion/queries per IP address Dear List, Is is possible to limit the number of recursion/queries per IP address. there is some kind of virus thats bombarding my dns servers with a lot of queries, i realize that when ever the total number of recursion clients reach 1000 dns resolution stop working. i have increase the recursive-clients to 10000 but still these those not help. and also i have increase the number of max open files on my OS which at one point was complaining about too many open files. can someone please direct me to how best to solve this problem its some kind of DDOS. Thanks Kebba _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users --------------------------------------------------------------------- This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
