On Fri, 8 Dec 2006, Geo. wrote:
I know this is kind of a crazy idea but how about making cleaning up all these infected machines the priority as a solution instead of defending your dns from your infected clients. They not only affect you, they affect the rest of us so why should we give you a solution to your problem when you don't appear to care about causing problems for the rest of us?
George Roettger
Atually, reading your reply (which is the same as my own, pretty much), I figure the guy asked a question and he has a real problem. Assuming he doesn't want to clean them up is not nice of us. Luke: It is possible the DNS queries made are for non existent domains, fake replies, perhaps even making them something in 1918 space, and they MAY stop being not nice netizens. Gadi.
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Luke Sent: Friday, December 08, 2006 9:41 AM To: nanog@nanog.org Subject: DNS - connection limit (without any extra hardware)
Hi, as a comsequence of a virus diffused in my customer-base, I often receive big bursts of traffic on my DNS servers. Unluckly, a lot of clients start to bomb my DNSs at a certain hour, so I have a distributed tentative of denial of service. I can't blacklist them on my DNSs, because the infected clients are too much.
For this reason, I would like that a DNS could response maximum to 10 queries per second given by every single Ip address. Anybody knows a solution, just using iptables/netfilter/kernel tuning/BIND tuning, without using any hardware traffic shaper?
Thanks Best Regards
Luke