How to Protect an open DNS resolver
I have a Pi-hole running as an open resolver and yes, while I know it is not generally the greatest idea in terms of security, I have been busy hardening it. I did this a while back but my VPS has reset so I am going through the paces again. There was some algorithm that detects when your DNS is being used in an amplification attack but I can't remember what it's called. It's named after some guy like John and it was just a simple install. Any ideas?
Set connection caps for DNS traffic like this example: https://gist.github.com/tuklusan/f71e01f...afbfc91858. This controls TCP and UDP DNS requests with specific limits. For detailed guidance, see the reference link. A simplified approach is provided below.
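Added example, not part of the thread or the linked gist: one way to express per-source caps on UDP and TCP DNS traffic with the iptables `hashlimit` and `connlimit` matches. The chain name `DNS_CAP`, the function names and the default limits are assumptions to tune against real client traffic. Because amplification traffic carries the victim's spoofed address as its source, a per-source cap bounds how much the resolver can reflect at any single target.

```shell
#!/bin/sh
# Added example: per-source caps for DNS on port 53.
# DNS_CAP and the default limits are assumed values, not taken from the thread.

# Print iptables rule arguments, one rule per line.
# $1 = UDP queries/second per source, $2 = burst, $3 = concurrent TCP connections per source
dns_cap_rules() {
    rate="${1:-20}"; burst="${2:-40}"; conns="${3:-10}"
    # Accept positive integers only, so a typo cannot yield a malformed rule.
    for v in "$rate" "$burst" "$conns"; do
        case "$v" in
            ''|*[!0-9]*|0*) echo "invalid limit: $v" >&2; return 1 ;;
        esac
    done
    cat <<EOF
-N DNS_CAP
-A DNS_CAP -p udp -m hashlimit --hashlimit-name dns_udp --hashlimit-mode srcip --hashlimit-above ${rate}/second --hashlimit-burst ${burst} -j DROP
-A DNS_CAP -p tcp --syn -m connlimit --connlimit-above ${conns} --connlimit-mask 32 -j DROP
-A DNS_CAP -j RETURN
-I INPUT -p udp --dport 53 -j DNS_CAP
-I INPUT -p tcp --dport 53 -j DNS_CAP
EOF
}

# Install the rules (needs root). Each printed line is one iptables invocation.
dns_cap_apply() {
    rules=$(dns_cap_rules "$@") || return 1
    echo "$rules" | while read -r rule; do
        # Word splitting of $rule is intended: it holds the argument list.
        iptables $rule || exit 1
    done
}

# Dry run by default; "apply" installs, e.g.: sh dns_cap.sh apply 20 40 10
if [ "${1:-}" = "apply" ]; then
    shift
    dns_cap_apply "$@"
else
    dns_cap_rules "$@"
fi
```

Run it without arguments first to review the generated rules, and check the counters with `iptables -L DNS_CAP -v -n` after applying to see how often each cap is hit.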