rate-limit dns queries on Procurve 8212zl J9091A

ghel
Occasional Contributor


Hi,

Last week I had the situation that a user had a rogue dnsmasq which brought our DNS server to its knees. I was looking around for how to rate-limit queries to our dnsmasq, with no success, neither on the server itself nor on the switch. Is there any way to do this on a Procurve 8212zl / J9091A for each edge port, the same way it can be achieved for ICMP, so that it won't happen again? Or is it a DNS-specific configuration?

Thanks

2 REPLIES
TerjeAFK
Respected Contributor
Solution

Re: rate-limit dns queries on Procurve 8212zl J9091A

There is a rate-limit command on Procurve switches, but from what I know it is based on bandwidth and not number of packets, so it may not be the solution to your problem. Otherwise I would say that this is something best handled by a firewall, to set limits on the number of simultaneous connections from a client to your DNS server.

 

ghel
Occasional Contributor

Re: rate-limit dns queries on Procurve 8212zl J9091A

Hi and thanks for the reply,

That is what I ended up with. Unfortunately dnsmasq offers that option only for a specific domain, a specific network or a specific single IP address. So the firewall does the job now.

cheers
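
To size a per-client limit like the firewall-side one this thread settles on, the following added example (not code from either poster) replays dnsmasq query-log lines through a per-source token bucket and reports how many queries each client would have had dropped. It assumes logs written with dnsmasq's `log-queries` option and models the limit as queries per second rather than simultaneous connections; the sample lines, addresses, year, and the `rate` and `burst` values are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# dnsmasq log-queries line: "<Mon> <day> <time> dnsmasq[pid]: query[TYPE] <name> from <client>"
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[[^\]]+\] \S+ from (\S+)$")

def build_sample():
    """Constructed log: one flooding client (20 queries/s) and one normal client."""
    tmpl = "Dec 10 09:15:0{} dnsmasq[812]: query[A] {} from {}"
    lines = [tmpl.format(s, f"host{i}.example.test", "10.0.0.66")
             for s in (1, 2) for i in range(20)]
    lines += [tmpl.format(s, "intranet.example.test", "10.0.0.21") for s in (1, 2, 3)]
    return "\n".join(lines)

def parse_queries(log_text, year=2018):
    """Yield (seconds, client_ip) per query line; syslog has no year, so one is assumed."""
    base = datetime(year, 1, 1)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield (ts - base).total_seconds(), m.group(2)

def throttle_report(events, rate=5.0, burst=10.0):
    """Per-source token bucket: refill `rate` tokens/s up to `burst`, one token per query."""
    tokens = defaultdict(lambda: burst)   # each client starts with a full bucket
    last_seen = {}
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for t, src in sorted(events):
        elapsed = t - last_seen.get(src, t)
        tokens[src] = min(burst, tokens[src] + elapsed * rate)
        last_seen[src] = t
        if tokens[src] >= 1.0:
            tokens[src] -= 1.0
            stats[src]["allowed"] += 1
        else:
            stats[src]["dropped"] += 1
    return dict(stats)

if __name__ == "__main__":
    report = throttle_report(parse_queries(build_sample()))
    # Clients with the most dropped queries first: candidates for the rogue resolver.
    for src, s in sorted(report.items(), key=lambda kv: -kv[1]["dropped"]):
        print(f"{src:15} allowed={s['allowed']:4} dropped={s['dropped']:4}")
```

Replaying a normal day's log with candidate `rate` and `burst` values shows whether legitimate clients would be throttled before the limit is enforced.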