Discuss mailing list

[Lennart Seitz <mail AT lseitz.de>]

Hi Discuss List!

Im new to the list so hopefully this is the right place for my question,
if not i apologize.

Apparently multiple finance-sector auth DNS banned my T2 servers from
recursion any of their hosted domains, i dont think their names are
important but they are independent from each other. All my servers are
using binds upstream rate-limit to not spam upstream auth servers to
much and also clients are rate limited and the traffic level of the
servers is minor (~peak round about 10 mbit).

Has anybody experienced something like this? It wonders me that both
come from financial sector, i have not experienced anything like that
yet and both servers are running for quite some time now.

I tried to contact them but only got "your system is detected as a
thread, no details can be shared". My best guess would be that the
servers were used for DNS-AMP attacks towards their servers, but the
rate limit kicks in quite fast and the traffic towards one upstream
server never exceeds 6-8 mbit, and that only for like 1 second, banning
for that seems unreasonable to me.

May i ask (if you are using bind9) what kind of values for
fetches-per-server and fetch-quota-params are reasonable for a T2?

Also any other input is highly appreciated.

Thanks!

-- 
Mit freundlichen Grüßen,
Lennart Seitz
PGP-Schlüssel: 0x187abd76a5660379 (https://pgp.lseitz.de/key.asc)
--