Need to restrict DNS requests to just 5 per second
Tek Bahadur Limbu
teklimbu at wlink.com.np
Tue Dec 26 23:30:31 PST 2006
On Tue, 26 Dec 2006 07:49:09 -0600
Len Conrad <LConrad at Go2France.com> wrote:
>
> >I need to restrict dns (udp) requests to not more than 3 requests per
> >second from each client's IP.
>
> restricting DNS query rate, if you can find a way, will probably slow
> your clients' operations very noticeably.
>
> What problem are you trying to solve?
>
> Len
Dear All,
Thank you very much for your help and suggestions. Actually, the reason
why I want to implement this restriction is because some clients whose
Windows PCs are infected with viruses and malware send up to 10-20
bogus DNS queries per second, which causes the traffic utilization to go
almost 5 times higher on the DNS server.
This name server is not authoritative and allows recursion only
to my internal clients defined in my ACL.
Well, I will definitely look into 'recursive-clients' and
'tcp-clients' and also at PF to implement the restriction as suggested
by Matthew.
But since I am currently using IPFW, if I implement another PF
firewall, will it result in unexpected consequences?
Since I am very new to both FreeBSD and BIND, I think
I have got more help and information than I need from you guys. :)
Thanks a lot once again.
--
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal