IN TXT & NULL trash records
Daisuke HIGASHI
daisuke.higashi at gmail.com
Thu Nov 22 14:12:51 UTC 2018
Hi,
Rate-limiting queries per source IP with a specific query type (NULL/TXT) and
a long qname (e.g. 20 bytes or longer). That should be possible using the iptables
hashlimit module and dns-extension [1].
That will make DNS-tunnel VPNs useless while accepting legitimate TXT/NULL
queries.
[1] https://github.com/mimuret/iptables-ext-dns
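
The policy described in the message above, modelled in Python as an added example (it is not part of the original post and is not code from iptables-ext-dns): a per-source token bucket that is charged only for NULL/TXT queries whose qname is 20 bytes or longer. The rate and burst values, the choice to measure the qname in wire-format bytes, and all names in the code are assumptions.

```python
import struct

QTYPE_NULL, QTYPE_TXT = 10, 16
MIN_QNAME_LEN = 20          # threshold from the message, measured here in wire bytes (assumption)
RATE, BURST = 5.0, 10.0     # assumed values: refill per second and bucket size

def parse_question(pkt):
    """Return (qname wire length, qtype) of the first question, or None if malformed."""
    if len(pkt) < 12 or struct.unpack("!H", pkt[4:6])[0] < 1:
        return None
    off = 12
    while off < len(pkt):
        n = pkt[off]
        if n > 63:              # compression pointers are not expected in a query name
            return None
        off += 1 + n
        if n == 0:              # root label ends the name
            if off + 4 > len(pkt):
                return None
            return off - 12, struct.unpack("!H", pkt[off:off + 2])[0]
    return None

class TunnelLimiter:
    """Per-source token bucket applied only to long-qname NULL/TXT queries."""
    def __init__(self, rate=RATE, burst=BURST):
        self.rate, self.burst = rate, burst
        self.buckets = {}       # source IP -> (tokens, time of last update)

    def allow(self, src, pkt, now):
        q = parse_question(pkt)
        if q is None or q[1] not in (QTYPE_NULL, QTYPE_TXT) or q[0] < MIN_QNAME_LEN:
            return True         # outside the rule: left to the resolver
        tokens, last = self.buckets.get(src, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[src] = (tokens - 1 if allowed else tokens, now)
        return allowed

def build_query(name, qtype):
    """Build a constructed sample query (header, one question) for the demo."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

if __name__ == "__main__":
    lim = TunnelLimiter(rate=1.0, burst=3.0)
    long_txt = build_query("a" * 24 + ".t.example.com", QTYPE_TXT)   # constructed names
    print([lim.allow("192.0.2.1", long_txt, 0.0) for _ in range(4)])
```

The bucket table here grows without bound; a packet-filter implementation also has to expire idle per-source entries.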