Denial of Service - DNS


  1. Denial of Service

    Just had a quick question, at the BIND level, if there was a possible
    Denial of Service coming from only a handful of IP addresses, would I be
    able just to use an ACL to deny these or will my servers still be
    flooded as it has to process the ACL?
    Or what would be the quickest and easiest way to reduce the effect of
    some type of Denial of Service where I am getting large quantities of
    requests from the same group of IPs?


    Thanks


  2. Re: Denial of Service

    In article ,
    "Nick Allum" wrote:

    > Just had a quick question, at the BIND level, if there was a possible
    > Denial of Service coming from only a handful of IP addresses, would I be
    > able just to use an ACL to deny these or will my servers still be
    > flooded as it has to process the ACL?
    > Or what would be the quickest and easiest way to reduce the effect of
    > some type of Denial of Service where I am getting large quantities of
    > requests from the same group of IPs?


    As others have pointed out, it would be better to filter them upstream.
    Next best might be your OS's packet filtering. But filtering in BIND
    would be better than nothing, since it takes less work to check an
    address against a filter than to actually perform the DNS processing, so the
    backlog will be smaller.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***
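
Added example, not part of the thread: one way to build the BIND-level filter discussed above is to count queries per source in the query log and render the heavy hitters as an `acl` referenced from BIND's `blackhole` option. The log line format, the sample addresses, the threshold and the ACL name `flooders` are assumptions made for this sketch.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the style of a BIND query log (assumed line format;
# all addresses come from the documentation ranges).
_SOURCES = ["192.0.2.10"] * 5 + ["198.51.100.7"] * 4 + ["192.0.2.200", "2001:db8::1"]
SAMPLE_LOG = "\n".join(
    f"01-Jan-2024 10:00:{i:02d}.000 client {ip}#{40000 + i} (example.com): "
    "query: example.com IN A + (203.0.113.53)"
    for i, ip in enumerate(_SOURCES)
)

# Some BIND versions log "client @0x... <ip>#<port>", so the pointer is optional.
CLIENT_RE = re.compile(r"\bclient (?:@0x[0-9a-fA-F]+ )?([0-9a-fA-F.:]+)#\d+")

def count_clients(log_text):
    """Count logged queries per source address, skipping unparsable lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            continue
    return counts

def offenders(counts, threshold, allowlist=()):
    """Addresses at or above threshold, minus networks that must never be blocked."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    hits = [ipaddress.ip_address(ip) for ip, n in counts.items() if n >= threshold]
    hits = [a for a in hits if not any(a in net for net in allowed)]
    return sorted(hits, key=lambda a: (a.version, int(a)))

def named_conf_fragment(addrs, acl_name="flooders"):
    """Render an acl plus the blackhole line that references it."""
    body = "".join(f"    {a};\n" for a in addrs)
    return (f"acl {acl_name} {{\n{body}}};\n"
            "// goes inside the existing options { } block:\n"
            f"blackhole {{ {acl_name}; }};\n")

if __name__ == "__main__":
    print(named_conf_fragment(offenders(count_clients(SAMPLE_LOG), threshold=4)))
```

Pass your own resolvers and monitoring hosts in `allowlist` so a busy legitimate client is never rendered into the ACL.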


