[Cialug] ddos-guard.net?
Nicolai
nicolai-cialug at chocolatine.org
Mon Apr 29 13:39:50 CDT 2013
On Mon, Apr 29, 2013 at 08:57:20AM -0500, David Champion wrote:
> Apr 26 13:07:03 myhostname named[8212]: client 186.2.164.20#20591: no more
> recursive clients: quota reached
If the nameserver in question is an open resolver, that should be
closed. Please, please do this. And the other ones on the network
too...
http://openresolverproject.org/
> I realize this was probably treating the symptom, but on a busy day
> sometimes that's all you get.
Yep.
In the future, consider moving away from BIND, toward NSD for
authoritative-only service and unbound for recursive-only service. To
help push you in that direction, I think you'll be interested in this
benchmarking paper -- especially pages 16 and 18:
https://www.dns-oarc.net/files/workshop-201005/MartinHaller-OARC.pdf
Nicolai
More information about the Cialug
mailing list