[SAC] [Hosting] [UPDATE] NXDOMAIN DNS DDoS Issues

Lance Albertson lance at osuosl.org
Thu Jan 26 10:10:06 PST 2023


All,

Thanks to those of you who sent me some suggestions on how to
mitigate these attacks. We had another one happen last night and I took the
opportunity to try putting dnsdist [1] in front of one of the DNS servers
(ns1) manually. It seemed to help but I was having trouble with getting the
resolvers to work properly.

I reverted the change after the attack happened but I plan to move forward
on getting this deployed on at least one host initially and see how it goes.

If anyone else has experience with using dnsdist in front of both resolvers
and authoritative BIND servers on the same host, please reply off list and
share your configuration and setup.

Thanks!

[1] https://dnsdist.org/

-- 
Lance Albertson
Director
Oregon State University | Open Source Lab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/sac/attachments/20230126/2604e363/attachment.htm>
-------------- next part --------------
_______________________________________________
Hosting mailing list
Hosting at osuosl.org
https://lists.osuosl.org/mailman/listinfo/hosting


More information about the Sac mailing list