dns: adjust named config for DDoS

Increase a number of values, add some limits. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2023-06-14 15:20:44 -07:00 · 2023-06-14 15:20:44 -07:00 · e6d08451ca
commit e6d08451ca
parent adef5b55fd
1 changed files with 7 additions and 2 deletions
--- a/roles/dns/files/named.conf
+++ b/roles/dns/files/named.conf
@ -37,7 +37,7 @@ options {
        pid-file "/var/run/named/named.pid";
        statistics-file "/var/log/named.stats";
        provide-ixfr no;
-	tcp-clients 1000;
+	tcp-clients 10000;

        version "cowbell++";

@ -50,9 +50,14 @@ options {
        notify yes;
        minimal-responses yes;
        // rate-limit requests
+        max-ncache-ttl 3600;
+        max-cache-size  1024M;
        rate-limit {
-                responses-per-second 25;
+                responses-per-second 50;
                window 5;
+                max-table-size  2000000;
+                min-table-size  500000;
+                ipv4-prefix-length 32;
        };
 };
 //