Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2024-03-28, 16:12:32

Author Topic: Responce Rate Limiting in DNS to mitigate DNS amplicaiton attacks  (Read 48313 times)

0 Members and 1 Guest are viewing this topic.

Offline fossxplorer

  • Master
  • **
  • Posts: 640
  • Karma: +1/-0
    • View Profile
Ref https://www.us-cert.gov/ncas/alerts/TA13-088A and https://kb.isc.org/article/AA-00994/0/Using-the-Response-Rate-Limiting-Feature-in-BIND-9.10.html.

Since Kloxo-MR is running authoritative DNS servers, need to add:

          rate-limit {
              responses-per-second 10/5 or other reasonable values;
          };
to options in /opt/configs/bind/conf/defaults/named.options.conf.

What do you think @mustafa


Kloxo-MR!

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Kloxo-MR still using bind 9.9.9 version.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline fossxplorer

  • Master
  • **
  • Posts: 640
  • Karma: +1/-0
    • View Profile
I tested in CentOS 7 & Kloxo-MR, since Redhat has patched Bind, it works:
 I appended the following to /opt/configs/bind/conf/defaults/named.options.conf right above logging {..
rate-limit {
    responses-per-second 5;
    window 5;
};

[root@kloxomrc7_01 csf]# systemctl reload named
Seems not to complain about anything.
Kloxo-MR!

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
I will add in next update.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline fossxplorer

  • Master
  • **
  • Posts: 640
  • Karma: +1/-0
    • View Profile
Kloxo-MR!

 


MRatWork Affiliates:    BIGRAF(R) Inc.    House of LMAR    EFARgrafix

Page created in 0.044 seconds with 22 queries.

web stats analysis