Need to restrict DNS requests to just 5 per second

Chuck Swiger cswiger at mac.com
Wed Dec 27 16:08:50 PST 2006


Tek Bahadur Limbu wrote:
[ ... ]
> Thank you very much for your help and suggestions. Actually, the reason
> why I want to implement this restriction is because some clients whose
> Windows PCs are infected with viruses and malware send up to 10-20
> bogus DNS queries per second which causes the traffic utilization to go
> almost 5 times higher on the dns server.

There are legitimate reasons why a client machine might want to make dozens or 
even hundreds of DNS lookups per second-- or have you never used adns or 
another webserver logfile analyzer yourself?  :-)

Please consider solving the problem rather than a symptom.

If you experience what you determine to be malicious traffic from a host or 
traffic which violates your published AUP, please contact the systems' owner 
or perform firewall egress filtering on such a machine until it gets fixed.

-- 
-Chuck
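
[Added example, not part of the original message or of any poster's code.] One way to pick out the hosts worth contacting or egress-filtering, instead of throttling every client: count queries per client per second and report only clients that stay above the threshold for many seconds, so a short legitimate burst is not flagged. The log format (`<epoch> <client_ip> <qname>`), the function names, the `min_seconds` cutoff and the sample data are all assumptions constructed for illustration; the 5 queries-per-second threshold is taken from the subject line.

```python
from collections import Counter, defaultdict

def per_second_counts(lines):
    """Return {client_ip: Counter({epoch_second: query_count})}."""
    counts = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, _qname = parts
        try:
            second = int(float(ts))
        except ValueError:
            continue  # skip lines whose timestamp is not numeric
        counts[client][second] += 1
    return counts

def sustained_clients(lines, qps_threshold=5, min_seconds=5):
    """Clients above qps_threshold in at least min_seconds distinct seconds."""
    report = {}
    for client, seconds in per_second_counts(lines).items():
        busy = [n for n in seconds.values() if n > qps_threshold]
        if len(busy) >= min_seconds:
            report[client] = {"busy_seconds": len(busy), "peak_qps": max(busy)}
    return report

def build_sample():
    """Constructed log: one sustained sender, one short burst, one quiet host."""
    start = 1167264000  # arbitrary constructed epoch value
    lines = []
    for s in range(30):  # 15 queries/second for 30 seconds
        lines += [f"{start + s} 192.0.2.10 x{s}-{i}.example" for i in range(15)]
    for s in range(2):   # 200 queries/second for 2 seconds (e.g. a log analyzer)
        lines += [f"{start + s} 192.0.2.20 h{i}.example" for i in range(200)]
    # one query per second from an ordinary client
    lines += [f"{start + s} 192.0.2.30 www.example" for s in range(30)]
    lines.append("garbage line without enough fields here extra")
    return lines

if __name__ == "__main__":
    for ip, stats in sustained_clients(build_sample()).items():
        print(ip, stats)
```

The report is a list of candidates for a closer look, not a verdict: whether a host's traffic is malicious or violates the AUP still has to be determined by the administrator.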


More information about the freebsd-questions mailing list