Re: named on lenny

To: ISP <debian-isp@lists.debian.org>
Subject: Re: named on lenny
From: Marek Podmaka <marki@marki-online.net>
Date: Wed, 11 Mar 2009 09:31:05 +0100
Message-id: <[🔎] 306794795.20090311093105@marki-online.net>
Reply-to: Marek Podmaka <marki@marki-online.net>
In-reply-to: <[🔎] 20090311015256.GB8637@khazad-dum.debian.net>
References: <[🔎] Pine.LNX.4.21.0903080945170.1466-100000@student.dicea.unifi.it> <[🔎] 20090311015256.GB8637@khazad-dum.debian.net>

Hello,

Wednesday, March 11, 2009, 2:52:56, Henrique de Moraes Holschuh wrote:

> On Sun, 08 Mar 2009, Leonardo Boselli wrote:
>> they have to supply dns service to everyone.

> That will make you a DoS amplification point, and yet another problem for
> the Internet at large.  Do not do it.

I also have similar setup due to historical reasons. But as a reaction
to the new attacks (". IN NS" and TXT queries) I have turned on
fail2ban for bind's querylog. I block every IP which does more than
100 requests (only TXT, NS and MX) in 3 minutes (except my own
servers' IP).

-- 
  bYE, Marki

Reply to:

Follow-Ups:
- Re: named on lenny
  - From: Matus UHLAR - fantomas <uhlar@fantomas.sk>

References:
- named on lenny
  - From: Leonardo Boselli <leo@dicea.unifi.it>
- Re: named on lenny
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: named on lenny
Next by Date: Re: named on lenny
Previous by thread: Re: named on lenny
Next by thread: Re: named on lenny
Index(es):
- Date
- Thread