
List:       djbdns
Subject:    Re: any rate-limiting patch for tinydns?
From:       richard lucassen <mailinglists () lucassen ! org>
Date:       2013-03-30 19:26:27
Message-ID: 20130330202627.6384f06e302579126e55f71f () lucassen ! org

On Sat, 30 Mar 2013 22:05:02 +1300
Jason Haar wrote:

> Given the DDoS that is whacking the inter-tubes at the moment, is
> there a rate-shaping patch for tinydns (I guess dnscache too - but
> I'm sure most of us don't have that sitting open on the Internet)

I run this iptables rule to limit ANY queries to 3:

# I_INP_NEW is shorthand for appending a rule to INPUT for new connections:
I_INP_NEW="/usr/sbin/iptables -A INPUT -m state --state NEW"

# limit the queries to ANY (255) records:
# --from 41 starts the search just past the IP (20), UDP (8) and DNS (12) headers;
# |0000ff0001| is the QNAME terminator followed by QTYPE ANY (0x00ff) and QCLASS IN (0x0001).
# Rule 1: a source already seen 3 times within 300 s is dropped (its timestamp is refreshed).
${I_INP_NEW} -p udp --dport 53 -m string --algo bm --from 41 \
  --hex-string "|0000ff0001|" -m recent --update \
  --seconds 300 --hitcount 3 --name any_query -j DROP
# Rule 2: otherwise record the source in the any_query list and accept the query.
${I_INP_NEW} -p udp -m udp --dport 53 -m string --algo bm --from 41 \
  --hex-string "|0000ff0001|" -m recent \
  --set --name any_query -j ACCEPT

Don't know if you mean this type of annoyance.

HTH,

R.

-- 
___________________________________________________________________
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

+------------------------------------------------------------------+
| Richard Lucassen, Utrecht                                        |
| Public key and email address:                                    |
| http://contact.xaq.nl/                                           |
+------------------------------------------------------------------+
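Added illustration, not part of Richard's post: a Python model of what the two iptables rules above do, with a constructed DNS query packet (zero-filled IP/UDP headers), a constructed source address, and a sliding window standing in for `-m recent --seconds 300 --hitcount 3`.

```python
import struct

# Bytes the rule searches for: QNAME terminator (0x00), QTYPE ANY (0x00ff), QCLASS IN (0x0001).
ANY_IN_PATTERN = bytes.fromhex("0000ff0001")
QTYPE_A, QTYPE_ANY = 1, 255

def build_dns_query_packet(name, qtype):
    """Constructed IPv4+UDP+DNS query; IP/UDP headers are zero-filled (the string match ignores them)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"
    dns_header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # id, flags (RD), qdcount=1
    return b"\x00" * (20 + 8) + dns_header + qname + struct.pack("!HH", qtype, 1)

def matches_any_rule(packet, offset=41):
    """Mirror of '-m string --algo bm --from 41 --hex-string |0000ff0001|'.
    The question section starts at offset 40 = IP (20) + UDP (8) + DNS header (12),
    so --from 41 relies on at least one QNAME byte preceding the terminator."""
    return packet.find(ANY_IN_PATTERN, offset) != -1

class RecentList:
    """Mirror of the two '-m recent --name any_query' rules: per-source hit timestamps."""
    def __init__(self, seconds=300, hitcount=3):
        self.seconds, self.hitcount, self.hits = seconds, hitcount, {}

    def handle(self, src, now):
        """Verdict for one ANY query from src at time now (seconds)."""
        recent = [t for t in self.hits.get(src, []) if now - t <= self.seconds]
        # Rule 1 (--update --hitcount 3): matches only if src already has 3 hits in
        # the window; a match refreshes the timestamp, so a source that keeps
        # sending stays blocked until it has been quiet for --seconds.
        if len(recent) >= self.hitcount:
            recent.append(now)
            self.hits[src] = recent
            return "DROP"
        # Rule 2 (--set): record this hit for src and accept the query.
        recent.append(now)
        self.hits[src] = recent
        return "ACCEPT"

if __name__ == "__main__":
    src = "198.51.100.7"  # constructed source address
    rl = RecentList()
    print(matches_any_rule(build_dns_query_packet("example.com", QTYPE_ANY)))  # True
    for t in (0, 10, 20, 30, 100, 400):
        print(t, rl.handle(src, t))  # ACCEPT x3, DROP, DROP, ACCEPT
```

One check worth making on a real box: both rules only match `--state NEW`, so once tinydns has answered, further queries on the same source address and port may be tracked as an established UDP flow and never reach these rules.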