On Wed, Feb 01, 2012 at 05:24:50PM -0600, Mark Felder wrote:
> On 01.02.2012 10:49, Dominick Rivard wrote:
> >I am using Unbound to serve a public DNS server and I am looking for a way
> >to prevent bots or servers degrading my service by requesting the same
> >domain name like 10 times per second. I thought of using fail2ban, but for
> >that I need to get the IP of the requester somewhere in the log, so I tried
> >analyzing the log and changed the verbosity of the logging with
> >unbound-control, but still I don't find anything yet that I could use for
> >this purpose.
> On BSD I'd say use a pf rule to block the IP for a time period if X
> many concurrent states to port 53. Is something like that possible
> with iptables on Linux?
That would work in a general denial-of-service scenario (rate limiting), but the OP wanted to block the client after X connections to the same domain, and with pf (and probably iptables) you cannot log the requested domain name; you will need some user-level magic here.

-- 
Oliver PETER [email protected] 0x456D688F
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
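The "user-level magic" Oliver refers to, shown as an added example that is not part of this thread and not code from the Unbound project: a small Python watcher that reads Unbound's query log and flags a client once it has asked for the same name more than a threshold of times within a one-second window, then emits an iptables command for that client. It assumes the log line shape Unbound produces with `log-queries: yes` (`[epoch] unbound[pid:tid] info: <client-ip> <qname> <qtype> <qclass>`); the threshold, the window, the sample log lines and the `iptables` rule are all assumptions or constructed input, not something Unbound itself provides.

```python
import re
from collections import defaultdict, deque

# Assumed Unbound query-log line (log-queries: yes), e.g.
#   [1328134770] unbound[1234:0] info: 192.0.2.10 example.com. A IN
# Lines that are not queries (startup notices, errors) do not match.
LOG_RE = re.compile(
    r"^\[(?P<ts>\d+)\]\s+unbound\[[^\]]+\]\s+info:\s+"
    r"(?P<ip>[0-9a-fA-F.:]+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)\s+(?P<qclass>\S+)\s*$"
)


def parse_query(line):
    """Return (epoch_seconds, client_ip, qname) for a query line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Lower-case the name so EXAMPLE.COM. and example.com. count as one key.
    return int(m.group("ts")), m.group("ip"), m.group("qname").lower()


class RepeatQueryDetector:
    """Flags a client that repeats the same qname more than `threshold`
    times inside any `window`-second span. State is kept per (ip, qname),
    so a busy but well-behaved resolver asking many different names is
    never flagged; only hammering one name is."""

    def __init__(self, threshold=10, window=1):
        self.threshold = threshold
        self.window = window
        self.events = defaultdict(deque)  # (ip, qname) -> recent timestamps
        self.flagged = {}                 # ip -> (qname, count, ts)

    def feed(self, line):
        """Consume one log line; return the client IP if it just crossed the limit."""
        parsed = parse_query(line)
        if parsed is None:
            return None
        ts, ip, qname = parsed
        q = self.events[(ip, qname)]
        q.append(ts)
        # Drop timestamps that fell out of the sliding window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        if len(q) > self.threshold and ip not in self.flagged:
            self.flagged[ip] = (qname, len(q), ts)
            return ip
        return None


def iptables_block_cmd(ip):
    """Assumed rule to hand to fail2ban or run directly: drop UDP/53 from the client."""
    return "iptables -I INPUT -s %s -p udp --dport 53 -j DROP" % ip


def scan(lines, threshold=10, window=1):
    """Run the detector over an iterable of log lines; return the flagged map."""
    det = RepeatQueryDetector(threshold, window)
    for line in lines:
        det.feed(line)
    return det.flagged


# Constructed sample log: one normal client, one client repeating a name
# 11 times in the same second, plus a non-query line that must be ignored.
SAMPLE_LOG = (
    ["[1328134770] unbound[1234:0] info: start of service (unbound 1.4.14)."]
    + ["[1328134770] unbound[1234:0] info: 192.0.2.10 %s A IN" % n
       for n in ("www.example.com.", "mail.example.com.", "www.example.com.")]
    + ["[1328134770] unbound[1234:0] info: 198.51.100.7 victim.example. A IN"] * 11
)

if __name__ == "__main__":
    for ip, (qname, count, ts) in scan(SAMPLE_LOG).items():
        print("%s asked for %s %d times at %d" % (ip, qname, count, ts))
        print(iptables_block_cmd(ip))
```

In production the script would tail the live log (or read it from syslog) and hand the IP to fail2ban through a custom filter, or call `iptables` itself with an expiring rule; the point the thread makes still holds, since neither pf nor iptables can see the qname, so the per-name decision has to be made here, not in the packet filter.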
