Hi everybody, after several cases of heavy misuse of my authoritative servers, I was urged to *solve* the problem. This is obviously not possible, but I'd like to share my results with you.
I managed to drop the outgoing bandwidth from a saturated 100Mbps to 80% of the incoming attack data rate in a first step. Now I stop each attack within 40 packets. I only respond to 30 out of 10000 queries. Most production traffic is untouched. There is some collateral damage, which needs to be investigated, i.e. recursive resolvers of IPv6 tunnel providers with qmail customers are overblocked from time to time: the defaults are not optimal yet.

Please have a look at http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening