On Fri, 2021-07-16 at 12:08 +0200, Thomas Mieslinger via Pdns-users wrote: > Suggestions from older threads (Klaus Darrilon): > - Put that zone in a more efficent Backend (he suggested lmdb)
Good idea. > - Put that zone in a more efficent Software (he suggested nsd) and use > dnsdist to route the traffic to the alternate Software Also a good idea. > Very old suggestion: > - Use a firewall uint32 match to lock out queries to the attacked zone. Should work, bit more work to manage. > Crazy idea: > - enable DNSSec on that zone > - setup pdns recursor or similar add delegate the zone to it > - pdns-recursor should now be able to efficiently calculate the > NXDOMAINs based on NSEC/NSEC3 information Recursor can do that, but it cannot serve the zone to the world. It is not an Authoritative server. So, sadly, this suggestion does not work. Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/ _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
