On 02.04.2020 at 05:51, Tessa Plum wrote:
Hello Paul

We were under some attack like a UDP flood to the authority servers; there were a lot of UDP requests flooding to the servers. The traffic size was about 20Gbps last time, as I said in my last message. The clients seem to be using spoofed IP addresses.

Was it a) just some DNS traffic filling the upstream bandwidth, or was it b) legitimate DNS requests to existing domains (or i.e. random subdomains)?

For a) you can use any DDoS Mitigation used for any service.

For b) you need some advanced techniques, i.e. filtering with dnsdist, or if you can detect some pattern to identify the DDoS packets, you can use a BPF filter to filter out such traffic before it hits your name server.

So what was the bottleneck? I.e. if you use PowerDNS with a DB backend you hit the limit quite early with random subdomains, which are not a problem if you use NSD, for example. To mitigate such traffic patterns we use, for example, dnsdist with 2 backends: PowerDNS for normal zones and NSD for zones which are quite often under attack.

regards
Klaus
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
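
The two-backend layout described in the reply above, sketched as a dnsdist configuration. This is an added example, not the poster's own configuration; the listen address, backend ports, and zone names are placeholders, and it assumes the frequently attacked zones are also loaded in NSD.

```lua
-- dnsdist.conf: added example. All addresses, ports and zone names
-- below are placeholders (assumptions), not values from the thread.

-- Public listener that receives the authoritative queries.
setLocal("192.0.2.53:53")

-- Backend 1: PowerDNS with a database backend, serving the normal zones.
newServer({address="127.0.0.1:5300", name="pdns", pool="pdns"})

-- Backend 2: NSD, serving the zones that are often under attack.
-- NSD answers from precompiled zone data, so random-subdomain queries
-- for these zones never reach the PowerDNS database.
newServer({address="127.0.0.1:5301", name="nsd", pool="nsd"})

-- Zones (and everything below them) that are routed to NSD.
local attackedZones = newSuffixMatchNode()
attackedZones:add(newDNSName("example.org."))
attackedZones:add(newDNSName("example.net."))

-- Rules are evaluated in order: the attacked zones are matched first...
addAction(SuffixMatchNodeRule(attackedZones), PoolAction("nsd"))

-- ...and every other query goes to the PowerDNS pool.
addAction(AllRule(), PoolAction("pdns"))
```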