threefoldtech / zos

Autonomous operating system
https://threefold.io/host/
Apache License 2.0

DNS rate limit #1999

Open sabrinasadik opened 1 year ago

sabrinasadik commented 1 year ago

Rate-limit DNS queries for VMs to 15/sec to alleviate popular DNS amplification and reflector attacks

xmonader commented 1 year ago

@delandtj this was supposed to be part of 3.11 release, will you be able to help or should it get moved to 3.12?

muhamadazmy commented 11 months ago

Besides limiting queries on the zos network, we also should make sure that we always run some DNS cache in all our images. (Not sure what the available options are, but I know of dnsmasq.)

iwanbk commented 2 months ago

Rate-limit DNS queries for VMs to 15/sec to alleviate popular DNS amplification and reflector attacks

@sabrinasadik how did we get the number (15)?

How about making the limit per X seconds (maybe X = 5, 10) instead of one second to accommodate bursts of traffic from the users. We can do the limit using nftables (as suggested by Jan).

we also should make sure that we always run some dns cache in all our images

I fully agree with this and I think it should become a mandatory thing to do. In a default Ubuntu 24.04 installation on my PC and a DigitalOcean VM, I found that systemd-resolved is already used for the resolver + caching.
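An nftables ruleset sketching the per-VM limit discussed in this thread (an added example, not code from the zos repository): the sustained rate is the 15 queries/second from the issue, and the burst allowance approximates the multi-second window iwanbk proposes (15/s sustained with a 75-packet burst behaves like 75 queries per 5 s). The bridge name br-vm, the table and set names, and the log prefix are assumptions.

```nft
# Added example: per-source-IP DNS rate limit for VM traffic (assumed names).
table inet zos_dns_ratelimit {
    # Dynamic set keyed by VM source address; each VM gets its own token bucket.
    # Entries expire after a minute of silence so idle VMs do not pin memory.
    set dns_clients {
        type ipv4_addr
        size 65535
        flags dynamic,timeout
        timeout 1m
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # Only DNS traffic leaving the VM bridge (assumed to be br-vm) is limited.
        iifname "br-vm" udp dport 53 jump dns_limit
        iifname "br-vm" tcp dport 53 jump dns_limit
    }

    chain dns_limit {
        # Create/refresh the per-source bucket and match only once the rate is
        # exceeded: 15/second sustained, burst of 75 packets (~75 queries per 5 s).
        # Dropped packets are counted and logged so floods are visible to operators.
        add @dns_clients { ip saddr limit rate over 15/second burst 75 packets } \
            counter log prefix "zos-dns-ratelimit " drop

        # Everything under the limit passes.
        accept
    }
}
```

Load it with `nft -f <file>` and inspect the counters and log prefix (`nft list table inet zos_dns_ratelimit`, kernel log) to see which VMs are hitting the limit before tuning the rate or burst.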