MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Development => Topic started by: fossxplorer on 2017-04-29, 13:04:49
-
Ref https://www.us-cert.gov/ncas/alerts/TA13-088A and https://kb.isc.org/article/AA-00994/0/Using-the-Response-Rate-Limiting-Feature-in-BIND-9.10.html.
Since Kloxo-MR is running authoritative DNS servers, need to add:
rate-limit {
responses-per-second 10/5 or other reasonable values;
};
to options in /opt/configs/bind/conf/defaults/named.options.conf.
What do you think @mustafa
-
Kloxo-MR still using bind 9.9.9 version.
-
I tested in CentOS 7 & Kloxo-MR, since Redhat has patched Bind, it works:
I appended the following to /opt/configs/bind/conf/defaults/named.options.conf right above logging {..
rate-limit {
responses-per-second 5;
window 5;
};
[root@kloxomrc7_01 csf]# systemctl reload named
Seems not to complain about anything.
-
I will add in next update.
-
Awesome, it's included:
https://github.com/mustafaramadhan/kloxo/commit/aac99f42761265fa6f254986cea1f9c4dc2046e5