From: Tek Bahadur Limbu
To: Len Conrad
Cc: josh@tcbug.org, freebsd-questions@freebsd.org
Date: Wed, 27 Dec 2006 13:11:53 +0545
Subject: Re: Need to restrict DNS requests to just 5 per second

On Tue, 26 Dec 2006 07:49:09 -0600
Len Conrad wrote:

> >I need to restrict dns (udp) requests to not more than 3 requests per
> >second from each client's IP.
>
> restricting DNS query rate, if you can find a way, will probably slow
> your clients' operations very noticeably.
>
> What problem are you trying to solve?
>
> Len

Dear All,

Thank you very much for your help and suggestions.

Actually, the reason why I want to implement this restriction is because some clients whose Windows PCs are infected with viruses and malware send up to 10-20 bogus DNS queries per second, which causes the traffic utilization to go almost 5 times higher on the DNS server.

This name server is not authoritative and allows recursion only to my internal clients defined in my ACL.

Well, I will definitely look into 'recursive-clients' and 'tcp-clients' and also at PF to implement the restriction as suggested by Matthew. But since I am currently using IPFW and if I implement another PF firewall, will it result in unexpected consequences?

Since I am very new to both FreeBSD and Bind, I think I have got more help and information than I need from you guys. :)

Thanks a lot once again.

--
With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
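
Before a per-client limit is enforced at the firewall, it helps to confirm which internal clients actually exceed it. The following is an added example, not part of the original message: it counts queries per client per second from BIND query-log lines and reports the clients that go over a threshold. It assumes query logging is enabled; the log line layout, the function names and the sample addresses are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout of a BIND 9 query-log line:
#   27-Dec-2006 07:10:05.123 queries: info: client 192.0.2.66#1024: query: name IN A +
# Newer releases add "@0x..." after "client"; the pattern tolerates both.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})(?:\.\d+)?\s.*?"
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?\bquery: "
)


def noisy_clients(lines, max_qps=5):
    """Return {client_ip: peak queries seen in one second} for clients over max_qps."""
    per_second = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # lines from other logging categories are ignored
            per_second[(m.group("ip"), m.group("ts"))] += 1
    peaks = {}
    for (ip, _second), count in per_second.items():
        if count > max_qps:
            peaks[ip] = max(peaks.get(ip, 0), count)
    return peaks


def sample_log():
    """Constructed sample: one client bursts 12 queries in a second, one stays at 1/s."""
    lines = [
        f"27-Dec-2006 07:10:05.{i:03d} queries: info: client 192.0.2.66#{1024 + i}: "
        f"query: x{i}.example.invalid IN A +"
        for i in range(12)
    ]
    lines += [
        f"27-Dec-2006 07:10:{sec:02d}.500 queries: info: client 192.0.2.10#4000: "
        "query: www.example.org IN A +"
        for sec in range(5, 9)
    ]
    # A non-query line that must not be counted.
    lines.append("27-Dec-2006 07:10:06.000 general: info: zone example.org/IN: loaded serial 1")
    return lines


if __name__ == "__main__":
    for ip, peak in sorted(noisy_clients(sample_log()).items()):
        print(f"{ip} peaked at {peak} queries/second")
```

The resulting list of addresses identifies the infected hosts to clean up, and shows whether a limit such as 5 per second would also affect well-behaved clients.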