If you are using BIND, take a look at: https://kb.isc.org/article/AA-01000
cv

On Wed, Dec 11, 2013 at 1:06 PM, Anurag Bhatia <m...@anuragbhatia.com> wrote:
> Hello everyone
>
> I noticed some issues on one of the DNS servers I am managing. It was getting
> queries for a couple of attacking domains, and the server was replying over TCP with
> 3700 bytes, releasing very heavy packets. Now I see the presence of some
> (legitimate) DNS forwarders and hence I don't wish to limit queries.
>
> As I understand, there are two ways here to fix it:
>
> 1. I can put a DNS rate limit on replies to ANY packets, like say 5 replies
> every one minute (but again I have some forwarders with quite a few
> machines behind them).
>
> 2. The other way is limiting TCP port 53 outbound size ... limiting to say
> 600-700 bytes or so.
>
> I am sure I am not the first person experiencing this issue. Curious to hear
> how you are managing it. Also, under what circumstances can I get a
> legitimate TCP query on port 53 whose reply exceeds a basic limit of less
> than 1000 bytes?
>
> Thanks.
>
> --
>
> Anurag Bhatia
> anuragbhatia.com
>
> Linkedin <http://in.linkedin.com/in/anuragbhatia21> |
> Twitter <https://twitter.com/anurag_bhatia>
> Skype: anuragbhatia.com
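As an added illustration, not part of either message in the thread, this is the shape of the BIND 9 `rate-limit` (response rate limiting, RRL) configuration that the ISC article linked above describes, applied to the situation the original poster lays out: a global limit on identical responses plus an `exempt-clients` ACL so the known forwarders are never throttled. The ACL name, the forwarder prefixes and the numeric limits are placeholders, not values from the thread.

```conf
// Added example of a named.conf fragment; the ACL name and the
// prefixes below are placeholders for the operator's real forwarders.
acl "trusted-forwarders" {
    192.0.2.0/24;        // placeholder: legitimate forwarder range
    2001:db8::/32;       // placeholder: legitimate forwarder range
};

options {
    // ... existing options ...

    rate-limit {
        // Identical responses allowed per second to one client "bucket".
        // By default a bucket is an IPv4 /24 or an IPv6 /56, so a
        // forwarder with many machines behind it still counts as one.
        responses-per-second 5;

        // Seconds over which a client may accumulate credit.
        window 5;

        // Instead of silently dropping every response over the limit,
        // send every 2nd one truncated (TC=1). A real resolver retries
        // over TCP and still gets its answer; a spoofed UDP source cannot.
        slip 2;

        // Never rate-limit these sources.
        exempt-clients { "trusted-forwarders"; };

        // Start in log-only mode to see what would be limited before
        // enforcing; switch to "no" once the thresholds look right.
        log-only yes;
    };
};
```

The point of `slip` is that RRL costs a legitimate client a TCP retry rather than an answer, which is what makes it usable in front of forwarders the operator does not want to cut off. RRL is aimed at the spoofable UDP reflection case; a TCP response only ever reaches a peer that completed the handshake, so the TCP responses the poster observed are not themselves reflecting traffic at a third party.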