Maintained by: NLnet Labs

[Unbound-users] Random subdomain flood query

Franky Yustanto
Tue Mar 31 16:43:57 CEST 2015


Thanks to Daisuke that help me privately that patch bloomfilter.
Now is worked on my unbound, still try to use it.
The traffic getting little bit down now ... Around 4 til 6 mbps.


Sent from my iPad

> On 31 Mar 2015, at 21.34, DarkSoul <darksoul at darkbsd.org> wrote:
> 
> Yes, these domains change quite often, unfortunately :(
> This is an attack called water torture.
> 
> I have developed a solution at work for this,
> and am working to get the permission to opensource it.
> 
> I can only say that itcounts NXDOMAIN queries for delegation points,
> and stops answering queries past a certain threshold.
> 
> (The bloom filter solution - checking for long lasting recursive queries
> - is not bad at all, though)
> 
> Cheers,
> 
>> On 03/31/2015 11:15 PM, Stephane Bortzmeyer wrote:
>> On Tue, Mar 31, 2015 at 09:12:37PM +0700,
>> Franky Yustanto <battossai at gmail.com> wrote 
>> a message of 18 lines which said:
>> 
>>> I got about 3500 pps.
>> And the suffix (136.xxx) actually changes every second?
>> 
>> _______________________________________________
>> Unbound-users mailing list
>> Unbound-users at unbound.net
>> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> 
> -- 
> Stephane LAPIE, EPITA SRS, Promo 2005
> "Even when they have digital readouts, I can't understand them."
> --MegaTokyo
> 
>