[Unbound-users] Unbound DDoS / reflexion attack counter-measure ?
tom at then.fr
Sat May 31 01:32:03 CEST 2014
> If your server does not need to be open to the world, you could restrict
> queries to the subnets you control by adding "access-control:
> <subnet>/<mask> allow".
I do have access-control lines but because I had so many I removed them
for clarity but I forgot to keep a few. As an ISP, we have customers
that have obviously malware running on their networks/hosts we cannot
So my config actually looks like this :
access-control: 127.0.0.0/8 allow
access-control: ::1 allow
access-control: 2407:6800:xx:xx::/64 allow
access-control: 192.168.0.0/16 allow
access-control: 123.xxx.xxx.xxx/17 allow
Sorry for the oversight.
More information about the Unbound-users