From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-146317-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 20A66138010
	for <garchives@archives.gentoo.org>; Sun, 31 Mar 2013 02:09:06 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 5936BE089A;
	Sun, 31 Mar 2013 02:08:43 +0000 (UTC)
Received: from mail-vc0-f175.google.com (mail-vc0-f175.google.com [209.85.220.175])
	(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id E0BD9E0797
	for <gentoo-user@lists.gentoo.org>; Sun, 31 Mar 2013 02:08:41 +0000 (UTC)
Received: by mail-vc0-f175.google.com with SMTP id hf12so1451423vcb.6
        for <gentoo-user@lists.gentoo.org>; Sat, 30 Mar 2013 19:08:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=x-received:mime-version:sender:in-reply-to:references:from:date
         :x-google-sender-auth:message-id:subject:to:content-type
         :content-transfer-encoding;
        bh=WiSaXCWfbTxYEquzWOuEjjzLtk33uPjOEHqn9cYG4pw=;
        b=0MhlVwRSvG4nlUQKjv93h0gvBMxOAQ9KDtwUbzCDIk/dMN4X1ZgnPth2PzeMpmZRcT
         Y7Z4GJ7GCH/dNIon5off2hhGCBUe9ge1BEtpgA7IV67CzN/XLXuHSkGnqsIMDcFMtnDf
         1vJcwpN1lFmMwfFkAcbRDTpt81xyrKdM4f0blfDAWbvfRI3SPVUSZE01Z1IlXpr0ci0b
         gM9VDxYnAE1jXo8nsyjjS2Qaej78EAlOiicGx4I1RknhH8qq9UttJlUCwwWKMb+Mz8zh
         XmemJzSB6HqXTsJ4rxWVKujdZk8k9v5M0pK6DNEQEzfByEr1OvOU5HVER37vq2P/e1KQ
         2Tzg==
X-Received: by 10.58.44.194 with SMTP id g2mr5820717vem.1.1364695721045; Sat,
 30 Mar 2013 19:08:41 -0700 (PDT)
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Sender: paul.hartman@gmail.com
Received: by 10.58.250.66 with HTTP; Sat, 30 Mar 2013 19:08:21 -0700 (PDT)
In-Reply-To: <51540497.5020008@smash-net.org>
References: <51540497.5020008@smash-net.org>
From: Paul Hartman <paul.hartman+gentoo@gmail.com>
Date: Sat, 30 Mar 2013 21:08:21 -0500
X-Google-Sender-Auth: pAy6tudYBDtXkBI7d0wHQJkMtcc
Message-ID: <CAEH5T2PZOaxgqm_2Nm3e+KmAxkjJctGEpGHGS409r+rq_kjNEw@mail.gmail.com>
Subject: Re: [gentoo-user] How to prevent a dns amplification attack
To: gentoo-user@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: b40845aa-cb54-4b67-afd7-65fb39ed89bb
X-Archives-Hash: 820659d489d7d6180e28e3624abd69da

On Thu, Mar 28, 2013 at 3:51 AM, Norman Rie=DF <norman@smash-net.org> wrote=
:
> Hello,
>
> i am using pdns recursor to provide a dns server which should be usable
> for everybody.The problem is, that the server seems to be used in dns
> amplification attacks.
> I googled around on how to prevent this but did not really find
> something usefull.
>
> Does anyone got an idea about this?

Coincidentally, yesterday US-CERT published a small article about DNS
amplification attacks and mitigation strategies:

http://www.us-cert.gov/ncas/alerts/TA13-088A