Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-07 Thread bert hubert
On Sat, Jul 07, 2018 at 03:49:16PM +0430, Hamed Haghshenas wrote:
> I'm using PDNS Authoritative Server 4.1.3. Today I see my server is not
> responding, with errors or timeouts on resolves.

Hi Hamed,

What you can best do is install dnsdist and put it in front of your
authoritative servers.

Try this dnsdist.conf, assuming your auth server will listen on 127.0.0.1
and your current auth server IP is 1.2.3.4:

newServer("127.0.0.1")
setLocal("1.2.3.4")
addAction(MaxQPSIPRule(10), DropAction())

This restricts each individual IP address to 10 queries per second. I also
recommend you set up the internal webserver, which will give you a good feel
for what is going on: https://dnsdist.org/guides/webserver.html

If you don't want to drop, you can also shift traffic to TCP which stops
most attacks:

addAction(AndRule({TCPRule(false), MaxQPSIPRule(10)}), TCAction())

If this is not enough, you could use the eBPF kernel-based limits as
described in https://dnsdist.org/advanced/ebpf.html

This allows you to filter like 20gbit/s of unwanted traffic if need be, but
it does require a recent kernel.

Good luck!

> When I check the server, I see too many DNS requests from some IPs from Brazil,
> like a DDOS attack. To fix the errors and timeouts, I block the attacker subnet in
> my firewall.
>
> Now could you please let me know how to protect my server from DOS and DDOS
> attacks?
>
> Best Regards,
>
> Hamed Haghshenas


___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
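
Added example (not part of the thread and not dnsdist's own code): a small Python model of the two rules in the message above, replayed over constructed traffic. It shows that the drop rule also discards a busy genuine resolver's excess queries, while the TC rule lets that resolver recover them over TCP. The token-bucket model, the /32 and /64 grouping, all names, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

class PerSourceLimiter:
    """Token bucket per source network; integer ms and milli-tokens keep it exact."""
    def __init__(self, qps, v4_mask=32, v6_mask=64):
        self.qps, self.burst = qps, qps * 1000
        self.masks = {4: v4_mask, 6: v6_mask}   # assumed grouping for this model
        self.buckets = {}                       # network -> (milli_tokens, last_ms)

    def over_limit(self, src, now_ms):
        ip = ipaddress.ip_address(src)
        key = ipaddress.ip_network(f"{src}/{self.masks[ip.version]}", strict=False)
        tokens, last = self.buckets.get(key, (self.burst, now_ms))
        tokens = min(self.burst, tokens + (now_ms - last) * self.qps)
        allowed = tokens >= 1000
        self.buckets[key] = (tokens - 1000 if allowed else tokens, now_ms)
        return not allowed

def decide(limiter, src, is_tcp, now_ms, mode):
    """'drop' models MaxQPSIPRule(10) with DropAction(); 'tc' models the
    AndRule({TCPRule(false), MaxQPSIPRule(10)}) with TCAction() line."""
    if mode == "tc" and is_tcp:
        return "pass"          # TCPRule(false) matches UDP only, so TCP is not limited
    if limiter.over_limit(src, now_ms):
        return "drop" if mode == "drop" else "truncate"
    return "pass"

def replay(queries, mode, real_clients, qps=10):
    """Count outcomes per source; real clients retry a truncated answer over TCP."""
    limiter, counts = PerSourceLimiter(qps), {}
    for now_ms, src in sorted(queries):
        outcome = decide(limiter, src, False, now_ms, mode)
        if outcome == "truncate" and src in real_clients:
            outcome = "tcp_retry_" + decide(limiter, src, True, now_ms, mode)
        per_src = counts.setdefault(src, {})
        per_src[outcome] = per_src.get(outcome, 0) + 1
    return counts

# Constructed traffic (documentation addresses): a spoofed-source UDP flood at
# 100 q/s for 2 s, and a genuine busy resolver at 50 q/s for 0.6 s.
FLOOD, RESOLVER = "198.51.100.7", "203.0.113.5"
SAMPLE = [(10 * i, FLOOD) for i in range(200)] + [(20 * i, RESOLVER) for i in range(30)]

if __name__ == "__main__":
    for mode in ("drop", "tc"):
        print(mode, replay(SAMPLE, mode, real_clients={RESOLVER}))
```

A spoofed source never completes a TCP handshake, so its truncated queries are not retried; only the genuine resolver gets its remaining answers.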


Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-07 Thread Hamed Haghshenas
Dear Mohamad,

My Server is public and I offer my service to lots of domains so I can't
specify the subnets. 

 

BR,

Hamed Haghshenas

 

From: Mohamad F. Barham [mailto:mbar...@birzeit.edu] 
Sent: Saturday, July 7, 2018 3:55 PM
To: Hamed Haghshenas ;
pdns-users@mailman.powerdns.com
Subject: Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

 

In the conf file, you can specify the subnets that are allowed to use this
server, s.t. (default):
allow-from = 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

 

 



 



Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-07 Thread Mohamad F. Barham
In the conf file, you can specify the subnets that are allowed to use this
server, s.t. (default):
allow-from = 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16









[Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-07 Thread Hamed Haghshenas
Hi,

I'm using PDNS Authoritative Server 4.1.3. Today I see my server is not
responding, with errors or timeouts on resolves.

When I check the server, I see too many DNS requests from some IPs from Brazil,
like a DDOS attack. To fix the errors and timeouts, I block the attacker subnet in
my firewall.

Now could you please let me know how to protect my server from DOS and DDOS
attacks?

Best Regards,

Hamed Haghshenas

 

 
