Maintained by: NLnet Labs

[Unbound-users] a mitigation against random subdomain attack

Daisuke HIGASHI
Sun Mar 22 13:31:34 CET 2015


Hi,

I have implemented mitigation against random subdomain DoS attack (or
sometime referred as water torture attack) for Unbound utilizing
bloomfilter.

https://github.com/hdais/unbound-bloomfilter

It learns qnames which resulted in noerror using bloomfilter in peace
time. When a domain is set to be bloomfiltered (manually or
automatically) it accepts only qnames to be noerror for the domain.

This effectively refuse only bad random queries that result would be
nxdomain while keeping the domain resolvable.

Regards,
-- 
Daisuke HIGASHI