On Tue, 26 Dec 2006 07:49:09 -0600
Len Conrad <[EMAIL PROTECTED]> wrote:

>
> >I need to restrict dns (udp) requests to not more than 3 requests per
> >second from each client's IP.
>
> restricting DNS query rate, if you can find a way, will probably slow
> your clients' operations very noticeably.
>
> What problem are you trying to solve?
>
> Len
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
>

Dear All,

Thank you very much for your help and suggestions.

Actually, the reason why I want to implement this restriction is because some clients whose Windows PCs are infected with viruses and malware send up to 10-20 bogus DNS queries per second, which causes the traffic utilization to go almost 5 times higher on the DNS server.

This name server is not authoritative and allows recursion only to my internal clients defined in my ACL.

Well, I will definitely look into 'recursive-clients' and 'tcp-clients' and also at PF to implement the restriction as suggested by Matthew.

But since I am currently using IPFW, if I implement another PF firewall, will it result in unexpected consequences?

Since I am very new to both FreeBSD and BIND, I think I have got more help and information than I need from you guys. :)

Thanks a lot once again.

--
With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
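One way to see which internal clients actually exceed the 3 queries per second figure before choosing firewall rules, as an added example that is not part of the original message. It assumes BIND query logging with timestamps in the `client IP#port: query: name` layout and lines in chronological order; the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LIMIT = 3                       # queries per client per second (figure from the thread)
WINDOW = timedelta(seconds=1)

# Assumed layout: BIND 9 query log with timestamps enabled on the channel.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<qname>\S+) ")

def peak_rates(lines):
    """Return {client_ip: most queries seen inside any sliding 1-second window}."""
    recent = defaultdict(deque)  # per-client timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue             # not a query line
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] >= WINDOW:   # drop queries older than one second
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return dict(peak)

def offenders(lines, limit=LIMIT):
    """Clients whose peak rate is above the limit, with that peak."""
    return {ip: n for ip, n in peak_rates(lines).items() if n > limit}

def sample_log():
    """Constructed log lines (not from the original post)."""
    fmt = "26-Dec-2006 07:49:{s:02d}.{ms:03d} client {ip}#1030: query: {q} IN A +"
    out = []
    # 192.0.2.10: burst of 12 queries in 550 ms, straddling a second boundary.
    for i in range(12):
        t = 600 + i * 50
        out.append(fmt.format(s=9 + t // 1000, ms=t % 1000, ip="192.0.2.10",
                              q=f"x{i}.example.invalid"))
    # 192.0.2.20: three queries in one second, exactly at the limit.
    for t in (0, 300, 600):
        out.append(fmt.format(s=9, ms=t, ip="192.0.2.20", q="www.example.com"))
    return out

if __name__ == "__main__":
    for ip, n in sorted(offenders(sample_log()).items()):
        print(f"{ip} peaked at {n} queries/sec (limit {LIMIT})")
```

The sliding window catches bursts that fixed per-second buckets would split across two seconds, and a client sitting exactly at the limit is not reported.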