Limiting recursion

Discussion in 'General' started by ACDII, Jun 3, 2014.

  1. ACDII

    ACDII Member

    Hi all, I am using ISPConfig 3 for DNS server pair, Master/Slave. Unfortunately, we have customers with remote locations that use our DNS servers. We got a notice that one of these servers was involved in a Open recursive resolver used for an attack.

    What can I do to limit the number of external connections to prevent this while still allowing external users access? I found something about tcp-connections, but doesn't it also use UDP?

    I know the perfect solution is to allow only subnets we control, but that wont work due to the remote users. What else can I do? These are both behind ASA firewalls, so if there is something I can do on them, that would be good too.

Share This Page