Creating a DNS "dead Zone"
I have a situation where a DNS client is bombarding my DNS server with dummy requests to the point that it seems to be running my CPU up to almost 100% utilization. Due to limitations on the client, I am unable to stop the requests from being generated right now.
Is there a way for me to point these dummy requests to a NULL address (if there is anything like that) that would prevent further requests? Or any other solution you would recommend? The requests usually have the name <whatever>.xyz.com (so xyz.com is common to all the dummy requests). Any help would be appreciated... thanks
In your named.conf:
In options add: blackhole { blackhats; }; Create an ACL called blackhats: acl "blackhats" { ip1; ip2; ip3; }; where you put in the IP addresses of the offending site. I don't know of a way to do it by domain name as you requested. However, chances are a lot of what you're seeing is all coming from a common network, so you can specify that network with CIDR.
Also, you can manage this with iptables and the module "recent"; it is very cool and scalable.
You can accept just a few requests from any IP for a short time (starting at 60 seconds); if the client reaches this number of requests, he will be REJECTed or DROPped until he stops for 60 seconds. You can add another rule with the request number multiplied by 10 and drop for an hour... etc. Think about it.
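As an added example (not code from either poster), the script below walks BIND query-log lines, applies the second answer's sliding-window idea to clients querying under xyz.com, and renders the acl and blackhole statement from the first answer, collapsing offenders to /24 networks as that answer suggests. The log lines are constructed, and the 60-second window, threshold of 5 and /24 aggregation are assumptions to adjust for your server.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# BIND 9 query-log line; the "@0x..." handle and "(name)" part differ between versions.
QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) .*?client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>[0-9a-fA-F.:]+)#\d+.*?query: (?P<name>\S+) IN (?P<type>\S+)"
)

def parse(lines):
    """Yield (timestamp, client_ip, qname) for each line that matches."""
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
            yield ts, m["ip"], m["name"].lower().rstrip(".")

def offenders(lines, suffix="xyz.com", window=60, threshold=5):
    """{client_ip: peak_count} for clients sending more than `threshold` queries
    under `suffix` in any `window`-second span (like iptables 'recent' hitcount/seconds)."""
    per_client = defaultdict(list)
    for ts, ip, name in parse(lines):
        if name == suffix or name.endswith("." + suffix):
            per_client[ip].append(ts)
    bad = {}
    for ip, times in per_client.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > timedelta(seconds=window):
                start += 1  # slide the window forward past old queries
            if end - start + 1 > threshold:
                bad[ip] = max(bad.get(ip, 0), end - start + 1)
    return bad

def named_conf_snippet(ips, prefix=24):
    """Collapse offenders into /prefix networks and render the first answer's
    acl + blackhole statement (IPv4 only, for brevity; assumed layout)."""
    nets = sorted({str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
                   for ip in ips if ipaddress.ip_address(ip).version == 4})
    return ('acl "blackhats" { ' + " ".join(f"{n};" for n in nets) + " };\n"
            "options { blackhole { blackhats; }; };")

# Constructed sample: one client hammering *.xyz.com every 2 s, one normal client.
SAMPLE_LOG = [f"12-Mar-2010 05:30:{s:02d}.000 queries: info: client 192.0.2.10#5353: "
              f"query: host{s}.xyz.com IN A +" for s in range(0, 14, 2)] + [
    "12-Mar-2010 05:30:05.000 queries: info: client 198.51.100.7#40000: query: www.example.org IN A +"]
```

Run `print(named_conf_snippet(offenders(SAMPLE_LOG)))` to see the generated acl; feed real lines from your query log in place of SAMPLE_LOG.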