Replies: 1 comment 1 reply
-
|
I just found my own answer. The creator of technitium is a genius - he has literally thought of everything. Settings --> Recursion --> Allow/Deny Recursion For Specified Networks Then put in the public ipv4 and public ipv6 in 'Allow', and leave 'Deny' blank. This will only allow recursion from the specific IPs listed. This will minimize random people using my DNS as their own resolver, correct? And also minimize DNS amplification attacks? |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the post. Yes, you can restrict the networks that can access the resolver feature using that option. Amplification attacks will still be a concern but you can mitigate it by configuring a suitable rate limiting value in the QPM Limit option in Settings > General section. Set the value base on how much traffic you see on average on your dashboard and add some more to that value just for margin for peak time. If you find out someone is trying amplification attack or just sending too many requests then you can use the Drop Requests app to configure the domain name/type that you want to match for those attack and the app will just drop those requests. |
Beta Was this translation helpful? Give feedback.
-
Can I use technitium to host the authoritative server on 3-4 of my domains, as well as an upstream resolver?
Are there any concerns? e.g., for authoritative will I need to have ports 53 open to everyone? This means I cannot prevent DNS amplification attacks as the use port 53, so I need to re-opne this port. moreover, others will be able to use my resolver upstream?
It sounds like it's not really feasible to have both in a secure manner, so may be better to make two separate technitium instances? But then it'll have to be in a brand new VPS with a new IP etc?
Beta Was this translation helpful? Give feedback.
All reactions