Need to restrict DNS requests to just 5 per second
Chuck Swiger
cswiger at mac.com
Wed Dec 27 16:08:50 PST 2006
Tek Bahadur Limbu wrote:
[ ... ]
> Thank you very much for your help and suggestions. Actually, the reason
> why I want to implement this restriction is because some clients whose
> Windows PCs are infected with viruses and malware send up to 10-20
> bogus DNS queries per second which causes the traffic utilization to go
> almost 5 times higher on the dns server.

There are legitimate reasons why a client machine might want to make dozens or
even hundreds of DNS lookups per second-- or have you never used adns or
another webserver logfile analyzer yourself? :-)

Please consider solving the problem rather than a symptom.

If you experience what you determine to be malicious traffic from a host or
traffic which violates your published AUP, please contact the system's owner
or perform firewall egress filtering on such a machine until it gets fixed.

--
-Chuck