HPE Community
Aruba & ProVision-based
1753331 Members
5104 Online
108792 Solutions
New Discussion

Re: rate-limit dns queries on Procurve 8212zl J9091A

 
SOLVED
Go to solution
ghel
Occasional Contributor

‎04-08-2018 11:39 PM

‎04-08-2018 11:39 PM

rate-limit dns queries on Procurve 8212zl J9091A

Hi,

I had last week the situation that a user had a rouge dnsmasq which got our DNS server to its knees. I was looking arround how to rate-limit queries to our dnsmasq, with no success, neither on the server it self nor on the switch. Is there any way to do thi on a Procurve 8212zl / J9091A for each edge port the same way it can be achieved for ICMP, so that won't happen again? or is it a DNS specific configuration? 

Thanks

0 Kudos
2 REPLIES 2
TerjeAFK
Respected Contributor

‎04-09-2018 05:59 AM

‎04-09-2018 05:59 AM

Solution

Re: rate-limit dns queries on Procurve 8212zl J9091A

There is a rate-limit comand on Procurve switches, but from what I know it is based on bandwidth and not number of packets so it may not be the solution to your problem. Otherwise I would say that this is something best handled by a firewall, to set limits on the number of simultaneous connections from a client to your DNS server.

 

0 Kudos
ghel
Occasional Contributor

‎04-09-2018 12:52 PM - edited ‎04-09-2018 12:53 PM

‎04-09-2018 12:52 PM - edited ‎04-09-2018 12:53 PM

Re: rate-limit dns queries on Procurve 8212zl J9091A

Hi and thanks for the reply,

that is what I ended with. Unfortunately dnsmasq offers that option only for a specific domain, a specific Network or a specific single IP address. So the firewall does the job now.

cheers

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.