Hi
you should take a look at http://dnsdist.org/,
that can easily run as a DNS proxy on the same machine as named.
Philippe
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of
ramkishor...@gmail.com
Sent: Sunday, 30 April 2017 15:05
To: comp-p
Use the ISC RRL feature.
If these are simple queries, no mass bombing query, plan a LB structure as per RFC
(dead DNS switching) is not designed for load issues and can't solve it.
When a query is performed from a remote DNS it is supposed to be put inside
cache! So if you are not an ISP you could only use i
Hi Kishore,
you can indeed do so with iptables for example. Have a look at the
hashlimit or the limit module. They are both capable of limiting per
protocol, per dest or source ip and can be configured to trigger only
after reaching a burstlimit. You can enforce a udp packet rate which is
all
Thanks for the quick response.
Is it possible to rate limit the number of packets per second to allow for
a specific iptables rule especially of *UDP*? If yes, our partial
requirement will be sufficed.
The only difficulty I can think of at the moment in using this rule is, the peers
will not be indi
Hi,
is there any reason why you are not performing this rate limiting
using some firewall like iptables/netfilter?
You could limit the incoming requests at this point with ease and the
nameserver would never get in touch with dropped requests, thus not wasting
CPU time.
Also this approach
Hi,
To protect the DNS server from overload, is there any feature already part of
BIND software (or can be achieved with any configuration changes) which can be
enabled/disabled?
I came across a relevant feature called response rate limit (RRL) documentation,
and it looks like it is mostly useful