Hi, I have implemented mitigation against random subdomain DoS attack (or sometime referred as water torture attack) for Unbound utilizing bloomfilter.
https://github.com/hdais/unbound-bloomfilter It learns qnames which resulted in noerror using bloomfilter in peace time. When a domain is set to be bloomfiltered (manually or automatically) it accepts only qnames to be noerror for the domain. This effectively refuse only bad random queries that result would be nxdomain while keeping the domain resolvable. Regards, -- Daisuke HIGASHI _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
