-protocols-dns-b...@isc.org
Subject: Query on the Overload control mechanism for DNS Server
Hi,
To protect the DNS server from overload, is there any feature already part of
BIND software (or can be achieved with any configuration changes) which can be
enabled/disabled?
I came across relevant
...@gmail.com
Sent: Sunday, April 30, 2017 3:04 PM
To: comp-protocols-dns-b...@isc.org
Subject: Query on the Overload control mechanism for DNS Server
Hi,
To protect the DNS server from overload, is there any feature already part of
BIND software (or can be achieved with any configuration changes)
Hi Kishore,
You can indeed do so with iptables, for example. Have a look at the
hashlimit or the limit module. They are both capable of limiting per
protocol, per dest or source IP and can be configured to trigger only
after reaching a burst limit. You can enforce a UDP packet rate which is
all
Thanks for the quick response.
Is it possible to rate limit the number of packets per second to allow for
a specific iptables rule especially of *UDP*? If yes, our partial
requirement will be sufficed.
The only difficulty I can think of at the moment in using this rule is, the peers
will not be indi
Hi,
Is there any reason why you are not performing this rate limiting
using some firewall like iptables/netfilter?
You could limit the incoming requests at this point with ease and the
nameserver would never get in touch with dropped requests, thus not wasting
CPU time.
Also this approach
Hi,
To protect the DNS server from overload, is there any feature already part of
BIND software (or can be achieved with any configuration changes) which can be
enabled/disabled?
I came across relevant feature called response rate limit (RRL) documentation,
and it looks like it is mostly useful