Use isc RRL feature
if are simple queries no mass bombing query, plan a LB structure as per RFC (dead DNS swirching) is not designed for load issues and can't solve it. when a query is performed from a remote dns is supposed to be putted inside cache ! so if u r not an ISP you cold only use isc bind RRL https://kb.isc.org/article/AA-00994/0/Using-the-Response-Rate-Limiting-Feature-in-BIND-9.10.html i use it on my auth dns box Alberto Colosi Network & Security Admin & Architect Engineer ________________________________ From: bind-users <bind-users-boun...@lists.isc.org> on behalf of ramkishor...@gmail.com <ramkishor...@gmail.com> Sent: Sunday, April 30, 2017 3:04 PM To: comp-protocols-dns-b...@isc.org Subject: Query on the Overload control mechanism for DNS Server Hi, To protect the DNS server from overload, is there any feature already part of Bind software(Or can be achieved with any configuration changes) which can be enabled/disabled. I came across relevant feature called response rate limit(rrl) documentation, and it looks like it is mostly useful while taking the decision at the time of response transmission after the handling of incoming request. Correct me if I am wrong here. But What I am looking for a feature which calculates the incoming rate and rejects the messages above certain limit at the initial stage itself before handling them and dropping. So that no resource utilization processing will be wasted. This type of mechanism will be very much useful in defining the benchmark limit for any particular server based on its CPU and resources utilization. The Bind version we currently use is Bind 9.11. Any expertise inputs are very much appreciated. Thanks. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users Info Page - lists.isc.org Mailing Lists<https://lists.isc.org/mailman/listinfo/bind-users> lists.isc.org To see the collection of prior postings to the list, visit the bind-users Archives. Using bind-users: To post a message to all the list members, send ... bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users bind-users Info Page - lists.isc.org Mailing Lists<https://lists.isc.org/mailman/listinfo/bind-users> lists.isc.org To see the collection of prior postings to the list, visit the bind-users Archives. Using bind-users: To post a message to all the list members, send ...
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
