SunnyD, 30th April 2013, 19:34

While it's unlikely as a whole, with such a low threshold (3 failed queries in 5 minutes), especially if you host multiple domains, you could very well be blacklisting legitimate addresses.

Using a higher threshold (20 failed queries in 5 minutes, for example) would be more than sufficient to block those that were using your previously open DNS resolver for DoS reflection purposes.
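The threshold trade-off described in the post above, as an added example that is not part of the original post: a sliding-window counter run over the same failed-query events with the 3-in-5-minutes and 20-in-5-minutes limits. The event tuples, IP addresses and function names are constructed for illustration; extracting failed queries from a real server log is assumed to happen beforehand.

```python
from collections import defaultdict, deque

WINDOW = 300  # seconds; the 5-minute window quoted in the post


def blocked_clients(events, threshold, window=WINDOW):
    """Return the IPs that reach `threshold` failed queries inside any
    `window`-second span. `events` is (epoch_seconds, ip), sorted by time."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    blocked = set()
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) >= threshold:
            blocked.add(ip)
    return blocked


def sample_events():
    """Constructed sample data (documentation-range addresses).

    198.51.100.7: a legitimate client with 4 failed lookups spread over
                  4 minutes, e.g. across several hosted domains.
    203.0.113.9:  a source still hitting the formerly open resolver,
                  one refused query per second for a minute.
    """
    legit = [(t, "198.51.100.7") for t in (0, 70, 150, 240)]
    noisy = [(t, "203.0.113.9") for t in range(60)]
    return sorted(legit + noisy)


if __name__ == "__main__":
    events = sample_events()
    for threshold in (3, 20):
        hits = sorted(blocked_clients(events, threshold))
        print(f"threshold {threshold:>2} per {WINDOW}s -> blocked: {hits}")
```
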