dns: adjust named config for DDoS
Increase a number of values, add some limits. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
parent
adef5b55fd
commit
e6d08451ca
1 changed files with 7 additions and 2 deletions
|
@ -37,7 +37,7 @@ options {
|
||||||
pid-file "/var/run/named/named.pid";
|
pid-file "/var/run/named/named.pid";
|
||||||
statistics-file "/var/log/named.stats";
|
statistics-file "/var/log/named.stats";
|
||||||
provide-ixfr no;
|
provide-ixfr no;
|
||||||
tcp-clients 1000;
|
tcp-clients 10000;
|
||||||
|
|
||||||
version "cowbell++";
|
version "cowbell++";
|
||||||
|
|
||||||
|
@ -50,9 +50,14 @@ options {
|
||||||
notify yes;
|
notify yes;
|
||||||
minimal-responses yes;
|
minimal-responses yes;
|
||||||
// rate-limit requests
|
// rate-limit requests
|
||||||
|
max-ncache-ttl 3600;
|
||||||
|
max-cache-size 1024M;
|
||||||
rate-limit {
|
rate-limit {
|
||||||
responses-per-second 25;
|
responses-per-second 50;
|
||||||
window 5;
|
window 5;
|
||||||
|
max-table-size 2000000;
|
||||||
|
min-table-size 500000;
|
||||||
|
ipv4-prefix-length 32;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
//
|
//
|
||||||
|
|
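Review bot: `ipv4-prefix-length 32;` in the rate-limit block makes response rate limiting account each IPv4 address separately instead of per /24 (the BIND default), and together with `responses-per-second 50;` this loosens the limit on spoofed-source reflection aimed at a network rather than a single host, since every address in the range gets its own budget. If per-address accounting is intended to spare clients that share a prefix, a comment should say so, e.g. `// /32: account per address so busy resolvers in one /24 do not throttle each other`; otherwise keep the default with `ipv4-prefix-length 24;`. `tcp-clients 10000;` only helps if the file-descriptor limit of the named process is raised to match, which is not visible on this page. The options block begins before the first hunk.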