This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] protect DNS servers from dns amplification attacks
- Previous message (by thread): [dns-wg] protect DNS servers from dns amplification attacks
- Next message (by thread): [dns-wg] agenda topics for RIPE67
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Måns Nilsson
mansaxel at besserwisser.org
Wed Aug 7 12:49:48 CEST 2013
Subject: [dns-wg] protect DNS servers from dns amplification attacks Date: Sun, Aug 04, 2013 at 01:48:47PM +0200 Quoting Michael Hock (hook1988 at gmail.com): > Hi there, > > I need to set up a DNS server which is accessible from the whole internet. > I have not chosen a DNS software yet, so maybe we could discuss about some, > e.g. bind, dnsmasq, ... > > My biggest concerns are dns amplification attacks, I don't want my server > to be part of this. > Is it already possible to protect DNS servers from spoofing attacks? Maybe > just by rate-limiting the requests, without breaking legit requests? Is it a resolver or a name server? A resolver open to the Internet probably is the wrong thing to do. Frankly, if you need to ask the questions above you likely haven't thought through your problem enough before coming to the conclusion that an open resolver is a desirable thing. For name servers, OTOH, the situation is different. Tony Finch pointed at Redbarn patches. They work for me. NSD does rate limiting as of recent releases. -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE +46 705 989668 What I need is a MATURE RELATIONSHIP with a FLOPPY DISK ... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: </ripe/mail/archives/dns-wg/attachments/20130807/4c5b6b18/attachment.sig>
- Previous message (by thread): [dns-wg] protect DNS servers from dns amplification attacks
- Next message (by thread): [dns-wg] agenda topics for RIPE67
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]