We always have recursion off. This does not stop ANY? queries as Michael pointed out.
Colin

On 29 Mar 2013, at 22:41, Roy Urick <rur...@usa.net> wrote:

> Why not disable recursion? Do you need to offer full public DNS to the world?
> (And not just for the Authoritative domains you control?)
>
> Sent from my iPhone
>
> On Mar 29, 2013, at 5:13 PM, Colin Jack <co...@mainline.co.uk> wrote:
>
>> Hi Michael,
>>
>> On 19 Mar 2013, at 01:05, Michael Stauber <mstau...@blueonyx.it> wrote:
>>
>>> Hi Will,
>>>
>>> Check this article on DNS related attacks:
>>>
>>> http://www.topology.org/linux/iptables_dns_flood.html
>>>
>>> I've had a few clients who were hit by the ANY? queries a lot, so we
>>> modified the APF firewall (part of the Solarspeed security) with the
>>> hints and ideas from this article.
>>>
>>> In essence there are two ways of doing so. Like Gerald mentioned: You
>>> can use the IPtables recent module. Which works quite well. But it's
>>> also possible to use packet inspection and just discard or drop
>>> excessive ANY? queries from any given source.
>>
>> I have the Solarspeed Security Suite on all my servers and my APF isn't
>> blocking these little b* ...
>>
>> Can I tighten it up? We have 50+ DNS connections from the same IP at the
>> same time. I would like to limit this to say 2 ;0)
>>
>> Thanks
>>
>> Colin
>>
>> _______________________________________________
>> Blueonyx mailing list
>> Blueonyx@mail.blueonyx.it
>> http://mail.blueonyx.it/mailman/listinfo/blueonyx
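Added here as an illustration, not code from the thread or from the APF/Solarspeed rules Michael mentions: a Python script that replays BIND-style query-log lines (a constructed sample) through the same per-source sliding window that an iptables `-m recent --update --seconds N --hitcount M` rule applies, so a defender can see which sources would exceed a limit such as the 2 per source Colin asks for before enforcing it at the firewall. As Colin notes, disabling recursion does not stop ANY queries for the zones a server is authoritative for, so the per-source limit is the control that matters here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed BIND-style query-log sample (not taken from the thread):
# 192.0.2.10 and 203.0.113.5 burst ANY queries, 198.51.100.7 spreads
# its ANY queries out and also sends one ordinary A query.
SAMPLE_LOG = """\
29-Mar-2013 22:41:00.001 client 192.0.2.10#4242: query: example.net IN ANY +
29-Mar-2013 22:41:00.002 client 192.0.2.10#4242: query: example.net IN ANY +
29-Mar-2013 22:41:00.003 client 192.0.2.10#4242: query: example.net IN ANY +
29-Mar-2013 22:41:00.004 client 198.51.100.7#5353: query: example.net IN A +
29-Mar-2013 22:41:00.005 client 198.51.100.7#5353: query: example.net IN ANY +
29-Mar-2013 22:41:01.000 client 203.0.113.5#1024: query: example.net IN ANY +
29-Mar-2013 22:41:01.100 client 203.0.113.5#1024: query: example.net IN ANY +
29-Mar-2013 22:41:01.200 client 203.0.113.5#1024: query: example.net IN ANY +
29-Mar-2013 22:41:01.300 client 203.0.113.5#1024: query: example.net IN ANY +
29-Mar-2013 22:41:30.000 client 198.51.100.7#5353: query: example.net IN ANY +
29-Mar-2013 22:42:30.000 client 198.51.100.7#5353: query: example.net IN ANY +
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<src>[\d.]+)#\d+: query: \S+ IN (?P<qtype>\S+)"
)
TS_FMT = "%d-%b-%Y %H:%M:%S.%f"


def excessive_any_queries(log_text, seconds=60, hitcount=2):
    """Return {source_ip: n}, n being the number of ANY queries that arrived
    while that source already had `hitcount` ANY queries inside the last
    `seconds`. Same sliding window as the iptables recent module, replayed
    offline so the threshold can be tuned before a DROP rule enforces it."""
    window = defaultdict(deque)   # src -> timestamps of recent ANY queries
    excess = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("qtype") != "ANY":
            continue                 # only ANY queries count towards the limit
        ts = datetime.strptime(m.group("ts"), TS_FMT)
        q = window[m.group("src")]
        q.append(ts)
        while (ts - q[0]).total_seconds() > seconds:
            q.popleft()              # expire entries older than the window
        if len(q) > hitcount:
            excess[m.group("src")] += 1
    return dict(excess)
```

Sources absent from the result stayed within the limit; raising `hitcount` or shrinking `seconds` shows how the same log fares under a different rule.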