Sponsor:
Server and Web Integrator
Link:
6.5.0
or
7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR
is open-source.
Donate and or Sponsorship always welcome.
Click to:
Donate...
MRatWork
Forum
Please
login
or
register
.
2024-04-23, 08:46:08
Home
Help
Search
Calendar
Login
Register
MRatWork Forum by Mustafa Ramadhan
»
Sawo Project - Kloxo-MR Discussions
»
Kloxo-MR Development
»
Responce Rate Limiting in DNS to mitigate DNS amplicaiton attacks
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Responce Rate Limiting in DNS to mitigate DNS amplicaiton attacks (Read 57038 times)
0 Members and 1 Guest are viewing this topic.
fossxplorer
Master
Posts: 640
Karma: +1/-0
Responce Rate Limiting in DNS to mitigate DNS amplicaiton attacks
«
on:
2017-04-29, 13:04:49 »
Ref
https://www.us-cert.gov/ncas/alerts/TA13-088A
and
https://kb.isc.org/article/AA-00994/0/Using-the-Response-Rate-Limiting-Feature-in-BIND-9.10.html
.
Since Kloxo-MR is running authoritative DNS servers, need to add:
rate-limit {
responses-per-second 10/5 or other reasonable values;
};
to options in /opt/configs/bind/conf/defaults/named.options.conf.
What do you think @mustafa
Logged
Kloxo-MR!
MRatWork
Administrator
The Elite
Posts: 15,807
Karma: +119/-11
Gender:
Re: Responce Rate Limiting in DNS to mitigate DNS amplicaiton attacks
«
Reply #1 on:
2017-04-29, 13:17:12 »
Kloxo-MR still using bind 9.9.9 version.
Logged
..::
MRatWork
(Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator -
Web Hosting
(Kloxo-MR READY!) --
fossxplorer
Master
Posts: 640
Karma: +1/-0
Re: Responce Rate Limiting in DNS to mitigate DNS amplicaiton attacks
«
Reply #2 on:
2017-04-29, 14:28:04 »
I tested in CentOS 7 & Kloxo-MR, since Redhat has patched Bind, it works:
I appended the following to /opt/configs/bind/conf/defaults/named.options.conf right above logging {..
rate-limit {
responses-per-second 5;
window 5;
};
[root@kloxomrc7_01 csf]# systemctl reload named
Seems not to complain about anything.
Logged
Kloxo-MR!
MRatWork
Administrator
The Elite
Posts: 15,807
Karma: +119/-11
Gender:
Re: Responce Rate Limiting in DNS to mitigate DNS amplicaiton attacks
«
Reply #3 on:
2017-04-29, 14:53:06 »
I will add in next update.
Logged
..::
MRatWork
(Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator -
Web Hosting
(Kloxo-MR READY!) --
fossxplorer
Master
Posts: 640
Karma: +1/-0
Re: Responce Rate Limiting in DNS to mitigate DNS amplicaiton attacks
«
Reply #4 on:
2017-05-01, 18:17:55 »
Awesome, it's included:
https://github.com/mustafaramadhan/kloxo/commit/aac99f42761265fa6f254986cea1f9c4dc2046e5
Logged
Kloxo-MR!
Print
Pages: [
1
]
Go Up
« previous
next »
MRatWork Forum by Mustafa Ramadhan
»
Sawo Project - Kloxo-MR Discussions
»
Kloxo-MR Development
»
Responce Rate Limiting in DNS to mitigate DNS amplicaiton attacks
MRatWork Affiliates:
BIGRAF(R) Inc.
House of LMAR
EFARgrafix
..::
Monetize your Website or Blog with BidVertiser
::..
..::
Sell your ad space with BidVertiser
::..
Design By SMFSimple.com
SMF 2.0.15
|
SMF © 2017
,
Simple Machines
Page created in 0.044 seconds with 21 queries.