Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

• Previous message (by thread): Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica
• Next message (by thread): Someone from Bell Canada (Bell.net / Sympatico.ca) Offlist Request
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 04, 2015 at 12:00:32PM -0400, Jared Mauch wrote:
> I recommend using DNSDIST to balance traffic at a protocol level as you can have implementation diversity on the backside.
> 

Here's an example dnsdist config you might find helpful:

	This sends queries to the first two servers unless
they are for domains in the "nether" pool list.  They go to
other servers.

	You can restrict access based on the Acl.

newServer("x.x.223.10")
newServer("x.x.223.20")
;setServerPolicy(firstAvailable) -- first server within its QPS limit
setServerPolicy(leastOutstanding)
webserver("0.0.0.0:8083", "AskMe")
addACL("192.168.0.0/22")
addACL("10.0.0.0/16")
addACL("172.16.22.0/24")
setKey("AskMe")
controlSocket("127.0.0.1:1099")
newServer{address="129.250.35.250", pool="nether"}
newServer{address="129.250.35.251", pool="nether"}
newServer{address="8.8.8.8", pool="nether"}
addPoolRule({"ntt.net.", "nether.net."}, "nether")
addPoolRule({"arpa.", "google.", "gmail.com.", "google.com.", "googlemail.com."}, "nether")


-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

• Previous message (by thread): Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica
• Next message (by thread): Someone from Bell Canada (Bell.net / Sympatico.ca) Offlist Request
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]