Maintained by: NLnet Labs

[Unbound-users] Unbound Logging

Mark Felder
Thu Feb 2 00:24:50 CET 2012


On 01.02.2012 10:49, Dominick Rivard wrote:
> I am using Unbound to serve a public DNS server and I am looking for a way
> to prevent bots or servers from degrading my service by requesting the same
> domain name, like 10 times per second. I thought of using fail2ban, but for
> that I need to get the IP of the requester somewhere in the log, so I tried
> analyzing the log and changed the verbosity of the logging with
> unbound-control, but still I don’t find anything yet that I could use for
> this purpose.

On BSD I'd say use a pf rule to block the IP for a time period if X 
many concurrent states to port 53. Is something like that possible with 
iptables on Linux?
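The pf approach sketched above, written out as an added example (it is not from the thread or from NLnet Labs). The interface name em0, the table name dns_abusers, the 20-state threshold and the 600 second expiry are placeholders to adjust for the site.

```pf
# pf.conf fragment: per-source state limit on the resolver port, with an
# overload table that a block rule consults first.
# Placeholders (not from the thread): em0, <dns_abusers>, 20 states, 600 s.

# Table of offending sources; "persist" keeps it around even while empty.
table <dns_abusers> persist

# Anything already in the table is dropped before the pass rule is reached.
block in quick on em0 from <dns_abusers>

# DNS over UDP and TCP, stateful. A source holding more than 20
# simultaneous states created by this rule is added to <dns_abusers>;
# "flush global" also tears down every state that source currently owns,
# whichever rule created it.
pass in on em0 proto { tcp, udp } from any to port 53 \
    keep state (max-src-states 20, overload <dns_abusers> flush global)

# Table entries never age out on their own. Run this from cron to release
# sources whose entry has been idle for longer than 600 seconds:
#   pfctl -t dns_abusers -T expire 600
```

A state limit counts sockets, not packets: a client that reuses one source port for every query holds a single state and will never trip it, so a per-source packet-rate test is the complement. On Linux, iptables' hashlimit match does that rate test directly, for example `-p udp --dport 53 -m hashlimit --hashlimit-mode srcip --hashlimit-above 10/second --hashlimit-name dns -j DROP`.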