DNS attack but I have a DNS name server to protect

How do I block amp DNS attacks from my network, especially if I have a valid Name server behind it that is getting hit? I must propagate and allow valid requests but I need to turn away the bad DNS rogue amplification DNS attacks. What is the recommended way to do this? Do I block based on the rate of a /32 on an input fwall rule or do I block that on a forward? If so, what is the recommended rate to allow valid DNS requests from unknown IPs in?

Thank you
DesertAdmin

You could add addresses to an address list based on a content encountered rate you believe is excessive.

And in a rule above you may tarpit requests coming from any IP of that address list or simply drop them.
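
The approach in the reply above, sketched as an added example that is not part of the original thread: a per-source (/32) rate check feeds an address list, and a rule placed above it drops anything already on that list. It assumes a MikroTik RouterOS router with the name server behind it, so the rules sit in the forward chain; the server address 192.0.2.53, the list name dns-excessive, the rate and the timeout are constructed placeholders, not recommended values. The listed sources are dropped here rather than tarpitted because RouterOS tarpit acts on TCP connections and these rules match UDP.

```routeros
/ip firewall filter

# 1. Sources already flagged as excessive are dropped first.
#    This is the "rule above" that consults the address list.
add chain=forward dst-address=192.0.2.53 protocol=udp dst-port=53 \
    src-address-list=dns-excessive action=drop \
    comment="DNS: drop sources on the excessive-rate list"

# 2. Queries within the per-source budget are accepted.
#    dst-limit=rate,burst,mode/expire keeps one counter per source address.
#    20 packets/s with a burst of 40 is a placeholder; measure the normal
#    query rate of your busiest legitimate resolver before choosing a value.
add chain=forward dst-address=192.0.2.53 protocol=udp dst-port=53 \
    dst-limit=20,40,src-address/1m action=accept \
    comment="DNS: accept queries under the per-source rate"

# 3. A packet that reaches this rule exceeded the budget in rule 2.
#    Record its source; the entry expires on its own after 10 minutes
#    (placeholder timeout).
add chain=forward dst-address=192.0.2.53 protocol=udp dst-port=53 \
    action=add-src-to-address-list address-list=dns-excessive \
    address-list-timeout=10m \
    comment="DNS: flag source that exceeded the rate"

# 4. Drop the packet that triggered the listing.
add chain=forward dst-address=192.0.2.53 protocol=udp dst-port=53 \
    action=drop comment="DNS: drop over-limit query"
```

Rule order matters: an earlier rule that accepts this traffic, such as a general accept for established connections, would let packets through before these rules are evaluated.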