On 15 May 2013 09:13, fenghe <[email protected]> wrote:
> Does a hardware firewall help to defend the DNS attack?
> If so what's the suggested policy/rules?

Chances are your firewall will break long before your DNS server is overwhelmed. DNS traffic should not be firewalled; the number of UDP transactions will very rapidly use up lots of sessions and cripple the firewall. Instead, proper ingress filtering (BCP38) should be used on the network to prevent spoofed traffic from ever getting anywhere near your DNS servers.
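
The ingress filtering (BCP38) recommended in the reply above, modelled as an added example that is not part of the original message: an edge router forwards a packet only if its source address falls inside a prefix delegated to the interface it arrived on. The interface names, prefixes and packets are constructed for illustration.

```python
import ipaddress

# Constructed example: prefixes delegated to customers behind each edge interface.
CUSTOMER_PREFIXES = {
    "ge-0/0/1": ["198.51.100.0/24", "2001:db8:100::/48"],
    "ge-0/0/2": ["203.0.113.0/25"],
}

def build_acl(table):
    """Parse the per-interface prefix lists once, up front."""
    return {ifname: [ipaddress.ip_network(p) for p in prefixes]
            for ifname, prefixes in table.items()}

def permit(acl, ifname, src):
    """BCP38 check: is src inside a prefix assigned to the ingress interface?"""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    # Unknown interfaces have no prefixes, so everything from them is dropped.
    return any(addr.version == net.version and addr in net
               for net in acl.get(ifname, []))

def filter_packets(acl, packets):
    """Split (ifname, src, dst) tuples into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if permit(acl, pkt[0], pkt[1]) else dropped).append(pkt)
    return forwarded, dropped

# Constructed traffic towards a DNS server at 192.0.2.1 / 2001:db8::53.
SAMPLE_PACKETS = [
    ("ge-0/0/1", "198.51.100.10", "192.0.2.1"),      # genuine customer query
    ("ge-0/0/1", "2001:db8:100::1", "2001:db8::53"), # genuine IPv6 query
    ("ge-0/0/1", "192.0.2.53", "192.0.2.1"),         # spoofed third-party source
    ("ge-0/0/1", "203.0.113.5", "192.0.2.1"),        # neighbour's address, wrong port
    ("ge-0/0/2", "203.0.113.200", "192.0.2.1"),      # outside the delegated /25
    ("ge-9/9/9", "198.51.100.10", "192.0.2.1"),      # interface with no delegation
]

if __name__ == "__main__":
    fwd, drop = filter_packets(build_acl(CUSTOMER_PREFIXES), SAMPLE_PACKETS)
    for pkt in fwd:
        print("forward", pkt)
    for pkt in drop:
        print("drop   ", pkt)
```

The check is stateless, so it consumes no per-flow session entries regardless of query rate.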
