Hi, The best topology is DNS behind load balancers, doing all requirements of securing through VIP (virtual IP), let me know scenarios you are using, that is, public with DSL users, Wi-Fi, mobile or 3-g to give you more precise tips. Don't forget to enable monitoring of DNS machines with NAGIOS or cacti. Best regards On Sunday, August 4, 2013, Michael Hock wrote:
Hi there,
I need to set up a DNS server which is accessible from the whole internet. I have not chosen a DNS software yet, so maybe we could discuss about some, e.g. bind, dnsmasq, ...
My biggest concerns are dns amplification attacks, I don't want my server to be part of this. Is it already possible to protect DNS servers from spoofing attacks? Maybe just by rate-limiting the requests, without breaking legit requests?
Best regards, Michael
-- IMTIAZ AHMED *T.E.D.S.* (Private) Limited. 273-B, St.55, F-11/4, Islamabad-44000. T: +92 512 211 700 , M: +92 334 516 76 09 E: ceo@teds.pk <info@teds.pk>