Mosharaf Hossain wrote:
> Hello Folks
> I have come across a challenge with our BIND nameserver, specifically
> related to a "*DNS NXDOMAIN flood*" problem. Despite upgrading the BIND
> version from 9.10 to 9.18, the issue persists.
>
> The attack originates from an external network, and it period
Hi
you might use in /etc/bind/named.conf.options e.g.
    rate-limit {
        responses-per-second 10;
        nxdomains-per-second 2;
        errors-per-second 5;
    };
that is, with values below default, as your BIND is already rate limiting,
as shown in the logs.
You might also shorten the default window of observance.
On 02.11.2023 at 12:02:00, Mosharaf Hossain wrote:
> We are receiving the traffic from random IP addresses to DNS servers.
Even when those IP addresses change, can you verify in any way that
those are not spoofed, so the traffic originates from those networks?
On 02.11.2023 at 10:58, Mosharaf Hossain wrote:
> The attack originates from an external network, and it periodically
> saturates our entire internet bandwidth.
Can you verify that the source IP is not spoofed (TCP ACK replies
instead of ACK RST, no ICMP port unreachable for UDP)?
If yes, contact t