Page 1 of 1

Protecting your DNS Infrastructure with PHREL

PostPosted: Sun Oct 29, 2006 9:46 pm
by sella
A new article on PHREL has been posted. The article can be viewed on the PHREL website via the Protecting your DNS Infrastructure link.

Re: Protecting your DNS Infrastructure with PHREL

PostPosted: Mon Aug 09, 2010 10:09 pm
by sella
For those of you dealing with your nameserver being used for a DDOS attack against a remote host, which can quickly fill your logs with messages such as "named[xxxx]: client 109.72.146.154#46250: error sending response: host unreachable", you can use PHREL, as described in the above article, to block the abuse and stop the log messages. For smaller traffic nameservers, you can set a threshold of 15pps with a rate of 0 to dynamically block the majority of these attacks. Larger traffic nameservers may need to use a slightly higher threshold.

Here's an example command line for phreld to block this:

phreld -p 53 -T 15:0