[Unbound-users] a mitigation against random subdomain attack
daisuke.higashi at gmail.com
Sun Mar 22 12:31:34 UTC 2015
I have implemented mitigation against random subdomain DoS attack (or
sometime referred as water torture attack) for Unbound utilizing
It learns qnames which resulted in noerror using bloomfilter in peace
time. When a domain is set to be bloomfiltered (manually or
automatically) it accepts only qnames to be noerror for the domain.
This effectively refuse only bad random queries that result would be
nxdomain while keeping the domain resolvable.
More information about the Unbound-users