DGA Attack mitigation

manu tman chantr4 at gmail.com
Tue Apr 10 21:22:16 UTC 2018


unbound has a bunch of `ratelimit` options that may help you out.

On Tue, Apr 10, 2018 at 12:27 AM, W.C.A. Wijngaards via Unbound-users <
unbound-users at unbound.net> wrote:

> Hi Mahdi,
>
> This may not be what you are looking for but the just released
> aggressive-nsec: yes option uses DNSSEC aggressive NSEC processing to
> cache more NXDOMAINs per upstream lookup, and more quickly respond to
> NXDOMAINs, resulting in less upstream traffic and less load on the
> server for NXDOMAINs.
>
> Best regards, Wouter
>
> On 10/04/18 08:45, Mahdi Adnan via Unbound-users wrote:
> > Thank you all for your response,
> >
> >
> > --
> >
> > Respectfully
> > Mahdi A. Mahdi
> >
> > ------------------------------------------------------------------------
> > *From:* Paul Vixie <paul at redbarn.org>
> > *Sent:* Monday, April 9, 2018 11:37 PM
> > *To:* Rainer Duffner
> > *Cc:* Mahdi Adnan; unbound-users at unbound.net
> > *Subject:* Re: DGA Attack mitigation
> >
> >
> >
> > Rainer Duffner via Unbound-users wrote:
> >>
> >>
> >>> On 09.04.2018 at 20:04, Mahdi Adnan via Unbound-users
> >>> <unbound-users at unbound.net> wrote:
> >>>
> >>> I'm running 20 Unbound servers and around 20% of responses are NXDOMAIN,
> >>> for queries coming from my clients.
> >>
> >>
> >>
> >> Block those IPs that are obviously p4wned until they clean up their PCs?
> >
> > the source addresses are forged. the victims are not unclean in any way.
> > this is why rrl exists.
> >
> > -- P Vixie
> >
>
>
>
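
The two mitigations named in this thread, `aggressive-nsec` and the `ratelimit` family, shown together in one `unbound.conf` fragment. This is an added example, not configuration from any poster or from the Unbound project; every number, the trust-anchor path and the domain names are illustrative assumptions.

```conf
# unbound.conf fragment (added example; values are assumptions, tune
# them against your own query volume before deploying)
server:
    # aggressive-nsec depends on DNSSEC validation, so the validator
    # module and a trust anchor must be active.
    module-config: "validator iterator"
    auto-trust-anchor-file: "/var/lib/unbound/root.key"   # assumed path

    # Answer NXDOMAIN from cached, validated NSEC ranges instead of
    # sending another upstream query. This only helps for signed zones
    # whose NSEC records Unbound has already validated and cached.
    aggressive-nsec: yes
    neg-cache-size: 16m        # room for the negative cache (default 1m)

    # Per-zone limit on queries Unbound sends upstream.
    # 0 (the default) leaves it disabled.
    ratelimit: 1000
    ratelimit-size: 4m
    # Over the limit, 1 in N queries is still let through;
    # 0 would drop all of them.
    ratelimit-factor: 10

    # Overrides so that busy legitimate zones are not throttled.
    # example.com / example.net are constructed placeholder names.
    ratelimit-for-domain: example.com 0        # 0 = no limit for this name
    ratelimit-below-domain: example.net 5000   # applies to names under it

    # Per-client-address limit on queries accepted.
    # 0 (the default) leaves it disabled.
    ip-ratelimit: 200
    ip-ratelimit-size: 4m
    ip-ratelimit-factor: 10
```

Run `unbound-checkconf` on the file before reloading, and use `unbound-control ratelimit_list` to see which zones are currently being limited.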