On 15/06/12 16:37, Holemans Wim wrote:
>
> Wim Holemans
> Netwerkdienst Universiteit Antwerpen
> Network Services University of Antwerp
>
>
> One of the problems is that these firewalls are going to be replaced soon and
> we don't want to spend too much effort in trying to fix what seems an annoy
Hi there,
On Fri, 15 Jun 2012, Holemans Wim wrote:
... Once or twice a day a DNS burst (20K requests/15sec) kills all
connections on the firewall.
Have you disabled firewall connection tracking for DNS requests?
We have 6 dns servers (bind) on our campus, that are all
authoritative for our
On Jun 15, 2012, at 4:25 AM, Holemans Wim wrote:
> We have a problem with one of our firewalls caused by DNS peaks.
Yes.
W
> Once or twice a day a DNS burst (20K requests/15sec) kills all connections on
> the firewall.
> The firewall is due for replacement but in the meantime we would like
You DO realize that DNS is (mostly) UDP packets, and an attacker (or
in your case, the ADs) can simply send UDP packet floods to kill your
firewall (in your current state), regardless how your DNS server is
configured, even when the DNS server is down?
Once we had the firewall for DNS, when it
Yes we know and new firewalls are on their way (already partly installed), but
we can't activate them for the moment as we are in an examination period in
which we can't make any change to our network as students should be able to
take online tests 24/24...
Wim Holemans
Netwerkdienst Universite
On Fri, Jun 15, 2012 at 9:37 PM, Holemans Wim wrote:
>
>
> Wim Holemans
> Netwerkdienst Universiteit Antwerpen
> Network Services University of Antwerp
>
>
> One of the problems is that these firewalls are going to be replaced soon and
> we don't want to spend too much effort in trying to fix what
Wim Holemans
Netwerkdienst Universiteit Antwerpen
Network Services University of Antwerp
One of the problems is that these firewalls are going to be replaced soon and
we don't want to spend too much effort in trying to fix what seems an annoying
side-effect of something caused by a DNS system.
bind-users-bounces+wbrown=e1b@lists.isc.org wrote on 06/15/2012
04:25:16 AM:
> We have a problem with one of our firewalls caused by DNS peaks.
> Once or twice a day a DNS burst (20K requests/15sec) kills all
> connections on the firewall.
> The firewall is due for replacement but in the me
Hello,
You may wish to read ISC/BIND's ARM about these settings (i.e., what they do,
how they work, what the defaults are, etc):
recursive-clients N;
tcp-clients M;
clients-per-query P;
max-clients-per-query R;
where N, M, P, and R are numbers appropriate for y
Holemans Wim wrote:
>
> I have 2 questions, one, is there a way to rate-limit the amount of
> requests a single client (the AD servers in this case) can have standing
> out against a bind server? Kind of rate-limiting parameter for bind
> name server.
There isn't a way to do this in BIND. If you
On 15 Jun 2012, at 01:14, Rodrigo Renie Braga wrote:
> I've been trying to find examples on how to use TSIG to replicate several
> different views to a slave server, but I could only find with two views, and
> I just couldn't figure out how to adapt that example to 3 or more views.
>
> Could
On 17/11/11 19:28, Binu B Nair wrote:
> Hello,
>
> I am getting the following informational messages on starting named after
> installing bind 9.8.1-P1 on a set of resolvers. Please advise.
>
> 18-Nov-2011 03:35:14.872 database: info: adb: grow_entries to 1531 starting
> 18-Nov-2011 03:35:14.874
We have a problem with one of our firewalls caused by DNS peaks. Once or twice
a day a DNS burst (20K requests/15sec) kills all connections on the firewall.
The firewall is due for replacement but in the meantime we would like to stop
these peaks at their origin or at least try to limit their im
Thank you all. It was as some of you suggested. There were two instances
of bind running. One answering the queries, the other one listening on
the control channel. After killing both and starting bind again, all
works well.
Thank you
Greetings,
Marian
--
Marian Roess
__