Re: named on lenny
Wednesday, March 11, 2009, 2:52:56, Henrique de Moraes Holschuh wrote:
> On Sun, 08 Mar 2009, Leonardo Boselli wrote:
>> they have to supply dns service to everyone.
> That will make you a DoS amplification point, and yet another problem for
> the Internet at large. Do not do it.
I also have a similar setup due to historical reasons. But as a reaction
to the new attacks (". IN NS" and TXT queries) I have turned on
fail2ban for bind's querylog. I block every IP which does more than
100 requests (only TXT, NS and MX) in 3 minutes (except my own
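The counting rule described in the message above (more than 100 TXT, NS or MX queries from one address within 3 minutes), as an added Python example that is not part of the original post and is not fail2ban itself. The querylog line layout, the sample addresses and the contents of the exemption set are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed BIND querylog layout (with print-time enabled), e.g.
# 11-Mar-2009 02:50:00.000 client 203.0.113.5#4242: query: . IN NS +
LINE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?: "
    r"query: \S+ IN (?P<qtype>\S+)"
)
WATCHED = {"TXT", "NS", "MX"}  # only these query types are counted

def find_offenders(lines, limit=100, window=timedelta(minutes=3), exempt=()):
    """Return {ip: time of the query that first pushed it over `limit`}.

    Lines must be in chronological order, as they are in a log file.
    """
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["qtype"] not in WATCHED:
            continue
        ip = m["ip"]
        if ip in exempt or ip in offenders:
            continue
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:  # drop entries older than the window
            q.popleft()
        if len(q) > limit:
            offenders[ip] = ts
    return offenders

def sample_log():
    """Constructed querylog lines (documentation address ranges)."""
    base = datetime(2009, 3, 11, 2, 50, 0)
    def row(offset, ip, name, qtype):
        ts = (base + timedelta(seconds=offset)).strftime("%d-%b-%Y %H:%M:%S")
        return f"{ts}.000 client {ip}#4242: query: {name} IN {qtype} +"
    rows = [(i, "203.0.113.5", ".", "NS") for i in range(101)]  # 101 in 100 s
    rows += [(i * 2, "198.51.100.7", "example.org", "TXT") for i in range(150)]  # 90 per window
    rows += [(i, "192.0.2.10", "example.org", "A") for i in range(150)]  # type not counted
    rows += [(i, "192.0.2.53", "example.org", "MX") for i in range(120)]  # exempt candidate
    return [row(*r) for r in sorted(rows)]
```

Calling `find_offenders(sample_log(), exempt={"192.0.2.53"})` flags only the address that sent the burst of `. IN NS` queries; the steady TXT client stays under the limit and the type A client is never counted.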