Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2017-05-25, 16:12:02

Author Topic: Responce Rate Limiting in DNS to mitigate DNS amplicaiton attacks  (Read 142 times)

0 Members and 1 Guest are viewing this topic.

Offline fossxplorer

  • Master
  • **
  • Posts: 601
  • Karma: +0/-0
    • View Profile
Ref https://www.us-cert.gov/ncas/alerts/TA13-088A and https://kb.isc.org/article/AA-00994/0/Using-the-Response-Rate-Limiting-Feature-in-BIND-9.10.html.

Since Kloxo-MR is running authoritative DNS servers, need to add:

          rate-limit {
              responses-per-second 10/5 or other reasonable values;
          };
to options in /opt/configs/bind/conf/defaults/named.options.conf.

What do you think @mustafa


Kloxo-MR!

Online MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 14,479
  • Karma: +105/-8
  • Gender: Male
    • View Profile
    • MRatWork Forum
Kloxo-MR still using bind 9.9.9 version.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline fossxplorer

  • Master
  • **
  • Posts: 601
  • Karma: +0/-0
    • View Profile
I tested in CentOS 7 & Kloxo-MR, since Redhat has patched Bind, it works:
 I appended the following to /opt/configs/bind/conf/defaults/named.options.conf right above logging {..
rate-limit {
    responses-per-second 5;
    window 5;
};

[root@kloxomrc7_01 csf]# systemctl reload named
Seems not to complain about anything.
Kloxo-MR!

Online MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 14,479
  • Karma: +105/-8
  • Gender: Male
    • View Profile
    • MRatWork Forum
I will add in next update.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline fossxplorer

  • Master
  • **
  • Posts: 601
  • Karma: +0/-0
    • View Profile
Kloxo-MR!

 


Top 4 Global Search Engines:    Google    Bing    Baidu    Yahoo
Click Here

Page created in 0.049 seconds with 20 queries.

web stats analysis