Date: Wed, 27 Dec 2006 13:11:53 +0545 From: Tek Bahadur Limbu <teklimbu@wlink.com.np> To: Len Conrad <LConrad@Go2France.com> Cc: josh@tcbug.org, freebsd-questions@freebsd.org Subject: Re: Need to restrict DNS requests to just 5 per second Message-ID: <20061227131153.5a417076.teklimbu@wlink.com.np> In-Reply-To: <200612261434875.SM00292@TX2.Go2France.com> References: <20061226171837.5e4c92a0.teklimbu@wlink.com.np> <200612261434875.SM00292@TX2.Go2France.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 26 Dec 2006 07:49:09 -0600 Len Conrad <LConrad@Go2France.com> wrote: > > >I need to restrict dns (udp) requests to not more than 3 requests per > >second from each client's IP. > > restricting DNS query rate, if you can find a way, will probably slow > your clients' operations very noticeably. > > What problem are you trying to solve? > > Len > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > Dear All, Thank you very much for your help and suggestions. Actually, the reason why I want to implement this restriction is because some clients whose Windows PCs are infected with viruses and malwares send up to 10-20 bogus DNS queries per second which causes the traffic utilization to go almost 5 times high on the dns server. This name server is not authoritative and allows recursion only to my internal clients defined in my ACL. Well I will definitely looked into 'recursive-clients' and 'tcp-clients' and also at PF to implement the restriction as suggested by Matthew. But since I am currently using IPFW and if I implement another PF firewall, will it result in unexpected consequences. Since I am very new to both FreeBSD and Bind, I think I have got more help and information than I need from you guys.:) Thanks alot once again. - -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFFkiA9VrOl+eVhOvYRAvfAAJ9WZr4QEfvUyQ40/uC2h9328vD4yACaAoSm +eFfFKxUvLOO9lqrvr7GB04= =CZVy -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061227131153.5a417076.teklimbu>