Yes, we know, and new firewalls are on their way (already partly installed), but 
we can't activate them for the moment as we are in an examination period in 
which we can't make any changes to our network, as students should be able to 
take online tests 24/24...

Wim Holemans
Netwerkdienst Universiteit Antwerpen
Network Services University of Antwerp


-----Original Message-----
From: Fajar A. Nugraha [mailto:w...@fajar.net] 
Sent: vrijdag 15 juni 2012 17:02
To: Holemans Wim
Cc: bind-users@lists.isc.org
Subject: Re: limiting number of requests of a single hosts

On Fri, Jun 15, 2012 at 9:37 PM, Holemans Wim <wim.holem...@ua.ac.be> wrote:
>
>
> Wim Holemans
> Netwerkdienst Universiteit Antwerpen
> Network Services University of Antwerp
>
>
> One of the problems is that these firewalls are going to be replaced soon and 
> we don't want to spend too much effort in trying to fix what seems an annoying 
> side-effect of something caused by a DNS system.

You DO realize that DNS is (mostly) UDP packets, and an attacker (or in your 
case, the ADs) can simply send UDP packet floods to kill your firewall (in your 
current state), regardless of how your DNS server is configured, even when the DNS 
server is down?

--
Fajar