Re: [dns-operations] solutions for DDoS mitigation of DNS

Ray Bellis Thu, 02 Apr 2020 02:49:30 -0700

On 02/04/2020 10:12, Tessa Plum wrote:

> All the packages were DNS requests, some queries like 'dig domain.com any'.
> but their IP address seems spoofed.
> A request from the fake address to our nameserver, but nameserver try
> its best to reply to this unreal address.

If it's a recursive server, apply an ACL so that only expected clients
can query.

If it's an authoritative server, turn on Response Rate Limiting (RRL) if
it's BIND, or the equivalent feature if is isn't.

Ray

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Re: [dns-operations] solutions for DDoS mitigation of DNS

Reply via email to