On Wed, Mar 28, 2012 at 10:39:11AM +0200, Anand Buddhdev <ana...@ripe.net> wrote a message of 25 lines which said:
> It's probably better to rate-limit the address. You can do that on
> your server with iptables (Linux) or ipfw (*BSD) or on your router.

A possible solution for Linux' Netfilter (test it: it may have strange
effects when you have many different IP sources):

    iptables -A INPUT -p udp --dport 53 -m hashlimit \
        --hashlimit-name DNS --hashlimit-above 20/second --hashlimit-mode srcip \
        --hashlimit-burst 100 --hashlimit-srcmask 28 -j DROP

(Adjust the number to your case, doc is in iptables' man page)

You may also limit this rule to the offending IP address(es)

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
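Added example (not part of the post): a token-bucket model of the rule above, using its values (20/second, burst 100, srcmask 28), run over constructed traffic to show the "strange effects" warning: with --hashlimit-srcmask 28 a well-behaved host in the same /28 as a flooding host shares the flooder's bucket and loses queries too. The addresses 10.0.0.5 and 10.0.0.9 and the traffic pattern are assumptions; the token bucket approximates hashlimit's credit accounting rather than reproducing the kernel code.

```python
import ipaddress
from collections import Counter

RATE = 20     # --hashlimit-above 20/second
BURST = 100   # --hashlimit-burst 100


def bucket_key(src_ip, srcmask):
    """--hashlimit-mode srcip --hashlimit-srcmask N: one bucket per /N source block."""
    return str(ipaddress.ip_network(f"{src_ip}/{srcmask}", strict=False).network_address)


class HashLimit:
    """Per-bucket token bucket; integer milli-tokens and millisecond timestamps keep it exact."""

    def __init__(self, srcmask, rate=RATE, burst=BURST):
        self.srcmask, self.rate, self.burst_m = srcmask, rate, burst * 1000
        self.state = {}  # bucket key -> (milli-tokens left, last packet timestamp in ms)

    def verdict(self, src_ip, ts_ms):
        key = bucket_key(src_ip, self.srcmask)
        tokens, last = self.state.get(key, (self.burst_m, ts_ms))   # new bucket starts full
        tokens = min(self.burst_m, tokens + (ts_ms - last) * self.rate)  # refill RATE/s, cap at burst
        if tokens >= 1000:             # within the limit: rule does not match, packet passes
            self.state[key] = (tokens - 1000, ts_ms)
            return "ACCEPT"
        self.state[key] = (tokens, ts_ms)   # above the limit: rule matches, -j DROP
        return "DROP"


def simulate(srcmask):
    """Constructed traffic: 10.0.0.5 sends 200 queries in one second (a flood);
    10.0.0.9, in the same /28, sends 5 queries in that second (a normal client)."""
    packets = [("10.0.0.5", 5 * i) for i in range(200)]
    packets += [("10.0.0.9", t) for t in (102, 302, 502, 702, 902)]
    hl = HashLimit(srcmask)
    counts = Counter()
    for src, ts in sorted(packets, key=lambda p: p[1]):
        counts[(src, hl.verdict(src, ts))] += 1
    # per source: (accepted, dropped)
    return {src: (counts[(src, "ACCEPT")], counts[(src, "DROP")])
            for src in ("10.0.0.5", "10.0.0.9")}


if __name__ == "__main__":
    for mask in (28, 32):
        print(f"srcmask {mask}: {simulate(mask)}")
```

With srcmask 28 the normal client loses 2 of its 5 queries because it shares the flooder's bucket; with srcmask 32 it keeps all 5 while the flooder is still held to roughly burst + rate per second.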