You could also look at Cloudshield. I was following the EveryDNS issue this weekend and this item among the regular VON press release blast jumped out at me:
Regards,
Frank
Hi,
As a consequence of a virus diffused in my customer base, I often receive big bursts of traffic on my DNS servers.
Unluckily, a lot of clients start to bomb my DNSs at a certain hour, so I have a distributed attempt at denial of service.
I can't blacklist them on my DNSs, because the infected clients are too many.
For this reason, I would like a DNS to respond to a maximum of 10 queries per second from every single IP address.
Does anybody know a solution, just using iptables/netfilter/kernel tuning/BIND tuning, without using any hardware traffic shaper?
Thanks
Best Regards
Luke
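
One way to express the per-source cap asked for above using only netfilter, as an added example that is not part of the original thread: a shell function that emits an iptables-restore fragment built on the hashlimit match. The chain name DNS_LIMIT, the table name dns-per-src, the burst of 20 and the IPv4-only INPUT placement are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore fragment that
# caps DNS queries per source IPv4 address with the netfilter hashlimit match.
# DNS_LIMIT and dns-per-src are constructed names; adjust to local conventions.
#
# Syntax check only: dns_ratelimit_rules 10 20 | iptables-restore --noflush --test
# Apply (as root):   dns_ratelimit_rules 10 20 | iptables-restore --noflush
# Applying twice appends the two INPUT jumps again; remove the old ones first.

dns_ratelimit_rules() {
    rate="${1:-10}"     # sustained queries per second allowed per source IP
    burst="${2:-20}"    # packets a source may send back-to-back before the cap bites

    # Accept only positive integers so a typo cannot yield a malformed ruleset.
    for n in "$rate" "$burst"; do
        case "$n" in
            ''|*[!0-9]*|0*) echo "invalid value: $n" >&2; return 1 ;;
        esac
    done

    # UDP queries and new TCP connections to port 53 are sent to DNS_LIMIT.
    # Sources under the limit RETURN to the rest of INPUT; the excess is dropped.
    # Idle per-source entries expire from the hash table after 10000 ms.
    cat <<EOF
*filter
:DNS_LIMIT - [0:0]
-A INPUT -p udp --dport 53 -j DNS_LIMIT
-A INPUT -p tcp --dport 53 --syn -j DNS_LIMIT
-A DNS_LIMIT -m hashlimit --hashlimit-name dns-per-src --hashlimit-mode srcip --hashlimit-upto ${rate}/second --hashlimit-burst ${burst} --hashlimit-htable-expire 10000 -j RETURN
-A DNS_LIMIT -j DROP
COMMIT
EOF
}
```

Because UDP source addresses can be forged and customers behind one NAT share an address, a per-source drop rule can also cut off legitimate clients, so watch the DROP rule's packet counters after enabling it.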