Rate limiting on PowerDNS authoritative only: needed or not?

Continuing on my adventure in self-hosting nameservers, I am now thinking about security.

I am running PowerDNS authoritative, the latest version, for my master + all 4 slaves. I think that I am doing ok security-wise on my side (master is "hidden", AXFR is only allowed for the slaves' IP addresses, ufw enforces IP access to port 53).

But what about protecting other servers? My servers are not recursive, so they deal with my zones only. openresolver.com says, as expected, that my IPs are not vulnerable to DNS Amplification attacks.

Do I still have to impose any rate limits? If yes, can anyone with experience with PowerDNS help me find out how? I have seen dnsdist, but it seems it is more to load balance queries, which is not my use case.

Anything else I should think about? Thanks for your help!
