Need to restrict DNS requests to just 5 per second
Tek Bahadur Limbu
teklimbu at wlink.com.np
Thu Dec 28 03:48:37 PST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 27 Dec 2006 18:41:17 -0500
Chuck Swiger <cswiger at mac.com> wrote:
> Tek Bahadur Limbu wrote:
> [ ... ]
> > Thank you very much for your help and suggestions. Actually, the
> > reason why I want to implement this restriction is because some
> > clients whose Windows PCs are infected with viruses and malwares
> > send up to 10-20 bogus DNS queries per second which causes the
> > traffic utilization to go almost 5 times high on the dns server.
>
> There are legitimate reasons why a client machine might want to make
> dozens or even hundreds of DNS lookups per second-- or have you never
> used adns or another webserver logfile analyzer yourself? :-)
>
> Please consider solving the problem rather than a symptom.
>
> If you experience what you determine to be malicious traffic from a
> host or traffic which violates your published AUP, please contact the
> systems' owner or perform firewall egress filtering on such a machine
> until it gets fixed.
>
> --
> -Chuck
>
Hello Chuck,
I will definitely try what you stated.
Thanks.
- --
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)
iD8DBQFFk6tMVrOl+eVhOvYRAjTgAJ0R94qZr/nrb6DLGWM45YIQJQLpFQCcDurr
ED5wdp+F0Gzs9ntFB+EunVk=
=BA7b
-----END PGP SIGNATURE-----
More information about the freebsd-questions
mailing list