Date:      Wed, 27 Dec 2006 13:11:53 +0545
From:      Tek Bahadur Limbu <>
To:        Len Conrad <>
Subject:   Re: Need to restrict DNS requests to just 5 per second
Message-ID:  <>
In-Reply-To: <>
References:  <>	<>


On Tue, 26 Dec 2006 07:49:09 -0600
Len Conrad <> wrote:

> >I need to restrict dns (udp) requests to not more than 3 requests per
> >second from each client's IP.
> restricting DNS query rate, if you can find a way, will probably slow 
> your clients' operations very noticeably.
> What problem are you trying to solve?
> Len

Dear All,

Thank you very much for your help and suggestions. Actually, the reason
why I want to implement this restriction is because some clients whose
Windows PCs are infected with viruses and malware send up to 10-20
bogus DNS queries per second, which causes the traffic utilization to go
almost 5 times higher on the DNS server.

This name server is not authoritative and allows recursion only
to my internal clients defined in my ACL.

Well, I will definitely look into 'recursive-clients' and
'tcp-clients' and also at PF to implement the restriction as suggested
by Matthew.

But since I am currently using IPFW, if I implement another PF
firewall, will it result in unexpected consequences?

Since I am very new to both FreeBSD and BIND, I think
I have got more help and information than I need from you guys. :)

Thanks a lot once again.

-- 

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal