This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] protect DNS servers from dns amplification attacks
- Previous message (by thread): [dns-wg] protect DNS servers from dns amplification attacks
- Next message (by thread): [dns-wg] protect DNS servers from dns amplification attacks
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Imtiaz Ahmad
ceo at teds.pk
Sun Aug 4 14:15:01 CEST 2013
Hi, The best topology is DNS behind load balancers, doing all requirements of securing through VIP (virtual IP), let me know scenarios you are using, that is, public with DSL users, Wi-Fi, mobile or 3-g to give you more precise tips. Don't forget to enable monitoring of DNS machines with NAGIOS or cacti. Best regards On Sunday, August 4, 2013, Michael Hock wrote: > Hi there, > > I need to set up a DNS server which is accessible from the whole internet. > I have not chosen a DNS software yet, so maybe we could discuss about some, > e.g. bind, dnsmasq, ... > > My biggest concerns are dns amplification attacks, I don't want my server > to be part of this. > Is it already possible to protect DNS servers from spoofing attacks? Maybe > just by rate-limiting the requests, without breaking legit requests? > > Best regards, > Michael > -- IMTIAZ AHMED *T.E.D.S.* (Private) Limited. 273-B, St.55, F-11/4, Islamabad-44000. T: +92 512 211 700 , M: +92 334 516 76 09 E: ceo at teds.pk <info at teds.pk> -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/dns-wg/attachments/20130804/f265fef8/attachment.html>
- Previous message (by thread): [dns-wg] protect DNS servers from dns amplification attacks
- Next message (by thread): [dns-wg] protect DNS servers from dns amplification attacks
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]