Hi,<div><br></div><div>The best topology is DNS behind load balancers, doing all requirements of securing through VIP (virtual IP), let me know scenarios you are using, that is, public with DSL users, Wi-Fi, mobile or 3-g to give you more precise tips. Don't forget to enable monitoring of DNS machines with NAGIOS or cacti.</div>
<div><br></div><div>Best regards <span></span><br><br>On Sunday, August 4, 2013, Michael Hock wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi there,<br><br>
I need to set up a DNS server which is accessible from the whole internet. I have not chosen a DNS software yet, so maybe we could discuss about some, e.g. bind, dnsmasq, ...<br><br>My biggest concerns are dns amplification attacks, I don't want my server to be part of this.<br>
Is it already possible to protect DNS servers from spoofing
attacks? Maybe just by rate-limiting the requests, without breaking legit
requests?<br> <br>Best regards,<br>Michael<br>
</blockquote></div><br><br>-- <br><div dir="ltr"><div>IMTIAZ AHMED<br></div><font><b>T.E.D.S.</b></font> (Private) Limited.<br>273-B, St.55, F-11/4, Islamabad-44000. <br>T: +92 512 211 700 , M: +92 334 516 76 09 E: <a href="mailto:info@teds.pk" target="_blank">ceo@teds.pk</a><br>
</div><br>