On Mon, Sep 17, 2012 at 3:55 PM, Gilbert E. Detillieux <gedetil@cs.umanitoba.ca> wrote:

> Sean, do you have a working iptables example that you've used? I've used the "recent" module on services like SSH, POP, and IMAP, but not for DNS.

No, I've always avoided the problem by using someone else's servers or ACL'ing things to my network.

-m recent is how I'd start, too. Just log the violations instead of dropping them to start.

Depending on what the impact would be to your network, policing/shaping your DNS traffic to an arbitrary limit might also work. Could be done with iptables, the Linux shaper, or an upstream router.

Sean

--
Sean Walberg <sean@ertw.com>    http://ertw.com/
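An iptables "recent" rule set in the log-only shape Sean describes (flag clients that send too many DNS queries in a window, LOG instead of DROP), as an added example that is not part of the thread. The interface name, list name and thresholds are placeholders to tune; the function prints the rules so they can be reviewed before being piped to a root shell.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Emit iptables rules that use the "recent" module to track DNS clients
# and LOG (not DROP) any source that exceeds HITCOUNT queries in WINDOW
# seconds. Review the output, then pipe it through sh as root.
#
# Placeholders / assumptions (constructed for this example):
IFACE="${IFACE:-eth0}"      # interface the resolver listens on
WINDOW="${WINDOW:-10}"      # seconds
HITCOUNT="${HITCOUNT:-20}"  # queries per client per window; xt_recent's
                            # ip_pkt_list_tot (default 20) caps the usable
                            # --hitcount, raise it via modprobe if needed
LIST="dnsflood"             # name of the recent-module list

dns_recent_rules() {
    cat <<EOF
iptables -N DNS_RATE
iptables -A INPUT -i $IFACE -p udp --dport 53 -j DNS_RATE
iptables -A INPUT -i $IFACE -p tcp --dport 53 -j DNS_RATE
iptables -A DNS_RATE -m recent --name $LIST --set
iptables -A DNS_RATE -m recent --name $LIST --update --seconds $WINDOW --hitcount $HITCOUNT -m limit --limit 6/min --limit-burst 5 -j LOG --log-prefix "DNS-RATE: "
iptables -A DNS_RATE -j RETURN
EOF
}
# Notes on the rules above:
# - "--set" has no target, so it only records/updates the source address
#   and processing continues to the next rule.
# - "--update --seconds --hitcount" matches once the same source has been
#   seen HITCOUNT times inside WINDOW; LOG is non-terminating, so the
#   query still reaches the resolver. The "-m limit" keeps the log itself
#   from flooding. Swapping LOG for DROP is the later, measured step.
# - Offending addresses can be inspected in /proc/net/xt_recent/$LIST.

dns_recent_rules
```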