Is it possible to filter DNS queries based on their content?

Hi guys,

I was wondering if there’s any way one could filter the DNS packets based on the content in RouterOS. For example, drop a DNS packet if the query contains a request for example.com.

This would be useful in case of a DNS flood with requests for ‘almost’ the same domain names.

Thanks!

First thoughts are that you could use Layer7 filtering, but the downside is that the CPU performance drain on the router might be greater than that of the DNS flood.

Second thought is based on slowing the traffic through a Mangle/NAT filter where you could limit the number of requests per minute from a particular source. This would limit ALL DNS to the standards set, but could smooth out the spikes when they come along.

Hi GeekPatrolMiller,

I have already used the traffic limit, but like you said, it'll limit everything. Although it can be useful, it's not what I'm looking for in this scenario.

I was thinking of deep packet inspection, but it seems that L7 filtering won't do the trick. Regardless of the burden resulting from this inspection, do you have any hints on how it can be implemented?
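As an added illustration (not from any post in this thread), a Python sketch of what a content filter on DNS queries actually has to match: on the wire the query name is a sequence of length-prefixed labels (RFC 1035), so a pattern written as the dotted text `example.com` never matches a real query, while a suffix match on the parsed name catches the "almost the same" random-subdomain flood the question describes. The sample query packet is constructed inline; the blocked suffix list is an assumed example value.

```python
import struct

# Constructed sample: build a standard DNS query (type A, class IN) for `name`.
# Wire format: 12-byte header, then QNAME as length-prefixed labels ending in 0x00,
# so "example.com" is carried as b"\x07example\x03com\x00", not as dotted text.
def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_query(name, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def naive_match(packet, domain):
    """What a pattern on the dotted text would see: never true for a real query."""
    return domain.encode("ascii") in packet

def wire_match(packet, domain):
    """What a content filter must look for: the length-prefixed label encoding."""
    return encode_name(domain)[:-1] in packet  # strip the terminator so subdomains also match

def parse_qname(packet):
    """Return the lowercase queried name from a DNS query, or None if malformed."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] == 0:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            return None
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:  # compression pointer is not valid inside a question name
            return None
        pos += 1
        if pos + length > len(packet):
            return None
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    return ".".join(labels)

BLOCKED_SUFFIXES = ("example.com",)  # assumed example value

def should_drop(packet, blocked=BLOCKED_SUFFIXES):
    """Drop decision: malformed questions and any name equal to or under a blocked suffix."""
    name = parse_qname(packet)
    if name is None:
        return True
    return any(name == s or name.endswith("." + s) for s in blocked)
```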