Protect a DNS Server
-
Hello,
I would like to protect a DNS server against flood, SYN flood and DDoS attacks.
I have thought of setting this configuration for TCP/UDP port 53:
Maximum state entries per host: 5
Maximum new connections / per second: 10/1
My question is, what's the best practice to protect a DNS server from a DDoS attack?
Best Regards
-
Don't forget that your firewall (pfSense box) is the weak link here - there's nothing stopping somebody simply DDoSing it if you just protect your DNS server.