And increasing these params would mitigate this kind of attacks: num-queries-per-thread outgoing-range so-rcvbuf so-sndbuf
"Howto Optimise" document will help. http://unbound.nlnetlabs.nl/documentation/howto_optimise.html -- Daisuke HIGASHI 2014-05-31 10:39 GMT+09:00 Daisuke HIGASHI <[email protected]>: > Hi, > > A countermeasure would be just blackholing "sidear.cn". > > # queries for sidear.cn is just dropped and generates no answer. > local-zone: "sidear.cn" deny > > - or - > > # queries for sidear.cn returns REFUSED > local-zone: "sidear.cn" refuse > > ------ > > Next (current) terget is yahoo.com ? > > $ dig @a.dns.cn sidear.cn > > ;; QUESTION SECTION: > ;sidear.cn. IN A > > ;; AUTHORITY SECTION: > sidear.cn. 86400 IN NS ns2.yahoo.com. > sidear.cn. 86400 IN NS ns1.yahoo.com. > > -- > Daisuke HIGASHI _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
