Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] iptables rules inefficient

discuss AT

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] iptables rules inefficient

Chronological Thread 
  • From: Christopher <weblionx AT>
  • To: discuss AT
  • Subject: Re: [opennic-discuss] iptables rules inefficient
  • Date: Fri, 31 May 2013 21:45:58 -0400

Has anyone ever tried using TCP only for a DNS server? I don't know
how well clients would handle that, and I know it has some extra
latency, but if it eliminates the ability to use it for a DDoS it
seems like it might be something worth trying.

I'm assuming that regular TCP-DNS uses one connection per query. Would
it be possible to set it up so it kept the connection up for many
queries, or would that require using a tunnel or rewriting software?

- C

On Fri, May 24, 2013 at 6:40 AM, Psilo <dns AT> wrote:
> Thank you Jeff for binging the conversation back to the topic.
> Eric: I am simply using the rules mentioned in the wiki pointed by Jeff.
> The IRC conversation with the guy that understands nothing to DNS
> amplification attacks is just useless.
> Psilo
> Le vendredi 24 mai 2013, Jeff Taylor a écrit :
>> We have a collection of rules posted here:
>> On 05/23/2013 09:43 AM, Éric Boucher wrote:
>> This is great changes... May i ask for your rules so i can add it to mine
>> ?
>> Thanks,
>> Éric

Archive powered by MHonArc 2.6.19.

Top of Page