Protect a DNS Server

  Hello,

    I would like to protect a DNS server against flood, SYN flood, and DDoS attacks.

    I have thought of setting this configuration for TCP/UDP port 53:

    Maximum state entries per host: 5
    Maximum new connections / per second: 10/1

    My question is, what's the best practice to protect a DNS server from a DDoS attack?

    Best Regards

  • Don't forget that your firewall (pfSense box) is the weak link here - there's nothing stopping somebody simply DDoSing it if you just protect your DNS server.

