[Hosting] [UPDATE] NXDOMAIN DNS DDoS Issues

[Lance Albertson <la...@osuosl.org>]

All,

Thanks to those of you who sent me some suggestions on how to
mitigate these attacks. We had another one happen last night and I took the
opportunity to try putting dnsdist [1] in front of one of the DNS servers
(ns1) manually. It seemed to help but I was having trouble with getting the
resolvers to work properly.

I reverted the change after the attack happened but I plan to move forward
on getting this deployed on at least one host initially and see how it goes.

If anyone else has experience with using dnsdist in front of both resolvers
and authoritative BIND servers on the same host, please reply off list and
share your configuration and setup.

Thanks!

[1] https://dnsdist.org/

-- 
Lance Albertson
Director
Oregon State University | Open Source Lab