From: Chuck Swiger
Date: Wed, 27 Dec 2006 18:41:17 -0500
To: Tek Bahadur Limbu
Cc: freebsd-questions@freebsd.org
Subject: Re: Need to restrict DNS requests to just 5 per second
Message-ID: <4593049D.5030909@mac.com>
In-Reply-To: <20061227131153.5a417076.teklimbu@wlink.com.np>

Tek Bahadur Limbu wrote:
[ ... ]
> Thank you very much for your help and suggestions. Actually, the reason
> why I want to implement this restriction is because some clients whose
> Windows PCs are infected with viruses and malwares send up to 10-20
> bogus DNS queries per second which causes the traffic utilization to go
> almost 5 times high on the dns server.

There are legitimate reasons why a client machine might want to make dozens or even hundreds of DNS lookups per second-- or have you never used adns or another webserver logfile analyzer yourself? :-)

Please consider solving the problem rather than a symptom. If you experience what you determine to be malicious traffic from a host or traffic which violates your published AUP, please contact the systems' owner or perform firewall egress filtering on such a machine until it gets fixed.

-- 
-Chuck
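
One way to work out which hosts to follow up with before contacting an owner or filtering a machine, as an added example that is not part of the original message: it tallies per-client query rates from a name-server query log and separates sustained high rates from one-off bursts. The BIND-style log layout, the addresses, the thresholds and the function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed BIND-style query-log layout: "<date> <time>.<ms> client <ip>#<port>: query: <name> IN <type>"
LINE = re.compile(r"^(\S+ \d\d:\d\d:\d\d)\.\d+ client ([\d.]+)#\d+: query: (\S+) IN \S+")

def build_sample():
    """Constructed log lines (documentation addresses, made-up names)."""
    fmt = "27-Dec-2006 13:11:{:02d}.{:03d} client {}#1025: query: {} IN A +"
    lines = []
    for sec in range(5):
        # 192.0.2.10: 12 queries every second, each for a different name
        lines += [fmt.format(sec, i, "192.0.2.10", f"h{sec}-{i}.invalid") for i in range(12)]
        # 192.0.2.30: one ordinary lookup per second
        lines.append(fmt.format(sec, 500, "192.0.2.30", "www.example.org"))
    # 192.0.2.20: a single one-second burst of 8 lookups, then silence
    lines += [fmt.format(2, i, "192.0.2.20", f"mx{i}.example.net") for i in range(8)]
    return lines

def summarize(lines, threshold=5):
    """Per client: total queries, peak rate, seconds above threshold, distinct names."""
    per_second = defaultdict(Counter)   # client -> {timestamp truncated to 1 s: count}
    names = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                    # skip lines that are not query records
        ts, client, qname = m.groups()
        per_second[client][ts] += 1
        names[client].add(qname.lower())
    return {
        client: {
            "total": sum(b.values()),
            "peak_qps": max(b.values()),
            "seconds_over": sum(1 for n in b.values() if n > threshold),
            "distinct_names": len(names[client]),
        }
        for client, b in per_second.items()
    }

def sustained(report, min_seconds=3):
    """Clients above the threshold for at least min_seconds separate seconds."""
    return sorted(c for c, r in report.items() if r["seconds_over"] >= min_seconds)

if __name__ == "__main__":
    report = summarize(build_sample())
    for client in sorted(report):
        print(client, report[client])
    print("follow up with owner / consider egress filter:", sustained(report))
```

In the constructed sample, 192.0.2.20 exceeds the per-second threshold once but is not listed as sustained, which is the kind of short legitimate burst a blanket rate limit would penalise.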