DNS - connection limit (without any extra hardware)

• Previous message (by thread): anycasting behind different ASNs?
• Next message (by thread): DNS - connection limit (without any extra hardware)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,
as a comsequence of a virus diffused in my customer-base, I often receive
big bursts of traffic on my DNS servers.
Unluckly, a lot of clients start to bomb my DNSs at a certain hour, so I
have a distributed tentative of denial of service.
I can't blacklist them on my DNSs, because the infected clients are too
much.

For this reason, I would like that a DNS could response maximum to 10
queries per second given by every single Ip address.
Anybody knows a solution, just using iptables/netfilter/kernel tuning/BIND
tuning, without using any hardware traffic shaper?

Thanks
Best Regards

Luke
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20061208/c31d58ca/attachment.html>

• Previous message (by thread): anycasting behind different ASNs?
• Next message (by thread): DNS - connection limit (without any extra hardware)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]