"Tom Schmitt" <tomschm...@gmx.de> wrote:
> Hi,
>
> I have a problem with the load on my Bind. Normally it's fine, but from time to time there are clients which cause, through a misconfiguration or a failed local service (not intentionally), a very high amount of queries. After finding and informing the responsible person this problem is mostly solved in a short time.
>
> One of these cases my DNS server can handle, but sometimes there is more than one of these cases at the same time and I have a load problem which is causing problems for all clients of my DNS servers.
>
> My question:
> Is there any possibility in Bind to give a quota to a client? e.g. that from a given IP no more than a hundred queries per second are allowed and the rest is to be blackholed.
>
> That way only the client causing the load would have a problem but not all other clients.
>
> Is there such a possibility? I found nothing in the documentation. Or are there other ways to achieve this? How do you guys do this?
>
> Tom.

In this case iptables is your friend. One of my solutions is partly based on this:

http://codingfreak.blogspot.com/2010/01/iptables-rate-limit-incoming.html

adapted to the proper ports etc. of course.

--
Roel Wagenaar,
Linux-User #469851 with the Linux Counter; http://linuxcounter.net/

You are only young once, but you can stay immature indefinitely.
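
An added example, not part of the original message or of the linked article: one way to express the per-client quota asked about (100 queries per second per source IP, the excess dropped) with the iptables `hashlimit` match. The chain names, burst size, table expiry and log prefix are assumptions chosen for illustration, as is placing the rules in `INPUT` on the DNS server itself.

```shell
#!/bin/sh
# Added example: per-source-IP DNS query quota with the iptables hashlimit match.
# Assumptions (not from the thread): chain names DNS_QUOTA/DNS_OVER, burst size,
# table expiry, log prefix, and that the rules sit in INPUT on the DNS server.

RATE="${RATE:-100/sec}"   # quota from the question: 100 queries per second per IP
BURST="${BURST:-200}"     # assumed short-burst allowance before dropping starts

# Print the rule set so it can be reviewed before anything is loaded.
# - DNS_OVER logs a sample of over-quota packets (to identify the noisy
#   client) and then drops them.
# - --hashlimit-mode srcip keeps one bucket per client address, so only the
#   client exceeding the quota is affected.
# - For TCP only new connections (SYN) are counted, not every segment.
dns_quota_rules() {
    rate="$1"
    burst="$2"
    cat <<EOF
iptables -N DNS_QUOTA
iptables -N DNS_OVER
iptables -A DNS_OVER -m limit --limit 6/min -j LOG --log-prefix "dns-quota-drop: "
iptables -A DNS_OVER -j DROP
iptables -A DNS_QUOTA -m hashlimit --hashlimit-name dnsq --hashlimit-mode srcip --hashlimit-above $rate --hashlimit-burst $burst --hashlimit-htable-expire 10000 -j DNS_OVER
iptables -A INPUT -p udp --dport 53 -j DNS_QUOTA
iptables -A INPUT -p tcp --dport 53 --syn -j DNS_QUOTA
EOF
}

# APPLY=1 loads the rules (root required); otherwise they are only printed.
if [ "${APPLY:-0}" = "1" ]; then
    dns_quota_rules "$RATE" "$BURST" | sh -e
else
    dns_quota_rules "$RATE" "$BURST"
fi
```

Once loaded, the per-address buckets the kernel is tracking can be read from `/proc/net/ipt_hashlimit/dnsq`, and the logged samples show which source addresses are over quota.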