Forum Discussion

Deep_287674's avatar
Deep_287674
Icon for Nimbostratus rankNimbostratus
Oct 06, 2016

iRule for DNS Flood protection

Hi Team, We have implemented new F5 AFM/ASM DDOS boxes. We need to create iRule to protect DNS flood from some range of IP but we need to whitelistdnsdomain.   when DNS_REQUEST {set fqdn [DNS::que...
AFM
iRules
security
  • Migara_61430's avatar
    Migara_61430
    Oct 06, 2016

    You can apply a similar logic

     

    https://devcentral.f5.com/codeshare/http-request-throttle-version-101-and-above

     

Simon_Waters_13's avatar
Simon_Waters_13
Icon for Cirrostratus rankCirrostratus
Oct 06, 2016

Not sure I get the context.

 

Most DNS DDoS attacks are reflected, so you receive answers, not questions.

 

I cynically suspect well configured DNS server will handle floods of requests faster than F5 iRules, I know back in the days of 486 PCs we you could saturate the wire (only 100Mbps back then) before you got performance issues with DNS servers.

 

There are also cheap/free suppliers of authoritative DNS services with AnyCast and other DDoS protections.

 

You are seeing floods of queries, but not for your own domains? If it is malicious they'll switch to using your domains.