On 02/08/2022 22:04, Saleck wrote:
On Tuesday 2 August 2022 22:02:58 CEST, Robert Moskowitz wrote:
Recently I have been having problems with my server not responding to my
requests. I thought it was all sorts of issues, but I finally looked at
the logs and:
Aug 2 15:47:19 onlo named[6155]:
Just my opinion.
Don't rate limit tcp. The RRL feature in Bind only rate limits UDP.
UDP is connection-less and the source address can be forged, generating
DDOS traffic to a 3rd party.
Proper DNS software will fall back to TCP. Because TCP is connection
based, much harder to forge source
On Wed, 3 Aug 2022 13:47:41 +0200
Victor Johansson via bind-users wrote:
> Hey,
>
> I just want to add that there is a better way to do this in iptables
> with hashlimit. The normal rate limit in iptables is too crude.
>
> Below is an example from the rate-limit-chain, to which you simply send
On 8/2/22 3:15 PM, Grant Taylor via bind-users wrote:
It looks like you're dealing with A queries for the root domain. I've
blocked this, and similar queries, via iptables firewall in the past.
I've seen a number of responses to Robert's "Stopping ddos" thre
On 8/2/22 3:29 PM, Robert Moskowitz wrote:
My clients use my internal view. My external view has:
match-clients { any; };
match-destinations { any; };
allow-query { any; };
allow-query-cache { localhost; };
recursion no;
it's been a while but I do
Thanks. I will look into this.
On 8/3/22 07:47, Victor Johansson via bind-users wrote:
Hey,
I just want to add that there is a better way to do this in iptables
with hashlimit. The normal rate limit in iptables is too crude.
Below is an example from the rate-limit-chain, to which you simpl
Hey,
I just want to add that there is a better way to do this in iptables
with hashlimit. The normal rate limit in iptables is too crude.
Below is an example from the rate-limit-chain, to which you simply send
all port 53 traffic from the INPUT chain (make sure to exclude
127.0.0.1/127.0.0.5
On Tue, Aug 02, 2022 at 11:16:15PM +0200, Michael De Roover wrote:
! For my servers I'm using iptables rules to achieve ratelimiting. They
! look as follows:
! -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --
! update --seconds 600 --hitcount 4 --name DEFAULT --mask 255.255.255.2
On 8/2/22 17:30, Nathan Ollerenshaw via bind-users wrote:
On 8/2/22 1:02 PM, Robert Moskowitz wrote:
Recently I have been having problems with my server not responding to
my requests. I thought it was all sorts of issues, but I finally
looked at the logs and:
You're being used as an unwill
com ; bind-users@lists.isc.org
Subject: RE: Stopping ddos
>> Any best practices on this?
>>
>> I am running bind 9.11.4
>>
>> thanks
> You could think about adding fail2ban to your server with some custom rules.
> Helped us in a similar situation.
You could also
On 8/2/22 1:02 PM, Robert Moskowitz wrote:
Recently I have been having problems with my server not responding to my
requests. I thought it was all sorts of issues, but I finally looked at
the logs and:
Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 114.29.194.4#11205
(.): view external
>> Any best practices on this?
>>
>> I am running bind 9.11.4
>>
>> thanks
> You could think about adding fail2ban to your server with some custom rules.
> Helped us in a similar situation.
You could also take advantage of BIND's built-in Response Rate Limiting which
is explained here:
https:
For my servers I'm using iptables rules to achieve ratelimiting. They
look as follows:
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --
update --seconds 600 --hitcount 4 --name DEFAULT --mask 255.255.255.255
--rsource -j DROP
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW
On 8/2/22 2:02 PM, Robert Moskowitz wrote:
Any best practices on this?
It looks like you're dealing with A queries for the root domain. I've
blocked this, and similar queries, via iptables firewall in the past.
Also, make sure that you apply the same BIND ACL to the cache that you
do for q
On Tuesday 2 August 2022 22:02:58 CEST, Robert Moskowitz wrote:
> Recently I have been having problems with my server not responding to my
> requests. I thought it was all sorts of issues, but I finally looked at
> the logs and:
>
> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 114.29.1
Recently I have been having problems with my server not responding to my
requests. I thought it was all sorts of issues, but I finally looked at
the logs and:
Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 114.29.194.4#11205
(.): view external: query (cache) './A/IN' denied
Aug 2 15:47