discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Paladin <paladin AT jstation.cz>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] CZ server up again
- Date: Wed, 10 Jul 2013 07:32:55 +0200
Hi,
On Tue, Jul 09, 2013 at 05:36:39PM -0600, Jeff Taylor wrote:
> I actually go higher than that... I'm currently running 20/min with 30
> burst. The thing you have to look at is what 'normal' traffic looks
> like. What happens when you hit a popular website with a ton of
> embedded banner ads, traffic monitoring, etc? Every one of those items
> has to perform a lookup, so it might not be unusual for a regular user
> to perform 20-30 lookups on a single web page, especially if their
> system does not locally cache DNS data.
well, I'll increase the limit :)
> Please also see http://wiki.opennicproject.org/Tier2Security for
> iptables rules that will refuse to answer certain types of queries known
> to be part of attacks. These will stop the attacks dead, not even
> allowing a short burst of answers to get through.
Yep, I know about this page, but my Tier2 is running only on VPS (but plenty
of performance) based on OpenVZ technology. And most rules except one (the hashlimit
one, which can be solved in bind9) are based on string. And AFAIK string is not
working under OpenVZ (at least the version we have, but I googled and I think
it has not been patched yet).
So those are useless to me :/
P.
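The trade-off discussed in this message (a per-client limit has to pass a normal page load of 20-30 lookups while still capping a flood), as an added example that is not part of the original thread. It is a simplified token-bucket model, not the kernel's exact hashlimit arithmetic; the traffic samples, the 10/min comparison limit and all function names are constructed for illustration.

```python
# Simplified token-bucket model of a per-source-IP DNS rate limit
# (approximates an iptables hashlimit rule; not the kernel's exact credit math).

def simulate(arrivals, rate_per_min, burst):
    """Return (accepted, dropped) for query arrival times given in seconds."""
    tokens = float(burst)            # bucket starts full
    refill = rate_per_min / 60.0     # tokens regained per second
    last = None
    accepted = dropped = 0
    for t in sorted(arrivals):
        if last is not None:
            tokens = min(burst, tokens + (t - last) * refill)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            accepted += 1
        else:
            dropped += 1
    return accepted, dropped

def page_load(start, lookups=25, spread=2.0):
    """Constructed sample: one page triggering `lookups` queries over `spread` seconds."""
    return [start + i * spread / lookups for i in range(lookups)]

def flood(start, qps, seconds):
    """Constructed sample: a single source sending `qps` queries/s for `seconds`."""
    return [start + i / qps for i in range(int(qps * seconds))]

# Constructed traffic: three page loads 90 s apart, and a 50 qps flood for one minute.
browsing = page_load(0) + page_load(90) + page_load(180)
attack = flood(0, 50, 60)

# (label, rate per minute, burst); the first limit is a hypothetical tighter setting.
LIMITS = [("10/min burst 10", 10, 10), ("20/min burst 30", 20, 30)]

def report():
    """Accepted/dropped counts for each limit against both traffic samples."""
    return [(label, simulate(browsing, r, b), simulate(attack, r, b))
            for label, r, b in LIMITS]

if __name__ == "__main__":
    for label, user, atk in report():
        print(f"{label}: browsing accepted/dropped={user}, flood accepted/dropped={atk}")
```

With the looser limit every lookup from the browsing sample is answered, while the flood source still gets only about burst plus one minute of refill.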