DNS Flood Detector detects excessive usage levels on high-traffic nameservers in order to identify abuse.
DNS Flood Detector is a versatile tool that runs in one of two modes: daemon mode or "bindsnap" mode. In daemon mode, DNS Flood Detector raises alarms via syslog, while in bindsnap mode it reports near-real-time usage statistics to aid in more detailed troubleshooting.
Additionally, DNS Flood Detector can be tuned to the user's preferences through options specified when running the software. These include the interface to listen on, the alarm threshold, the waiting time before alarming again on the same source, and the time interval for calculating statistics. Other options cover filtering for specific addresses, running in the background in daemon mode or in the foreground in bindsnap mode, and providing detailed information.
DNS Flood Detector provides sample output data to showcase its effectiveness in identifying threats to the nameserver. The sample output data includes information such as source IP addresses, query rates, and the type of queries received. This data is vital in understanding the nature of the attack and taking appropriate countermeasures.
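The following sketch shows how an alarm threshold, a re-alarm wait, and a statistics interval interact in a per-source rate check. It is an added example, not DNS Flood Detector's own code: the function name, the sliding-window method, and the sample queries (documentation-range addresses) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def detect_floods(queries, threshold_qps, interval_ms, realarm_ms):
    """Return (time_ms, source, rate_qps) alarms for sources over the threshold.

    queries: (time_ms, source_ip) pairs sorted by time.
    A source alarms when its rate over the last interval_ms exceeds
    threshold_qps, and is then silenced for realarm_ms.
    """
    windows = defaultdict(deque)  # source -> query times inside the interval
    last_alarm = {}               # source -> time of its most recent alarm
    alarms = []
    for ts, src in queries:
        win = windows[src]
        win.append(ts)
        # Expire queries that have fallen out of the statistics interval.
        while win[0] <= ts - interval_ms:
            win.popleft()
        # Fixed denominator: the rate is under-reported until the first
        # full interval has elapsed, which avoids start-up false alarms.
        rate = len(win) * 1000 / interval_ms
        if rate > threshold_qps:
            prev = last_alarm.get(src)
            if prev is None or ts - prev >= realarm_ms:
                alarms.append((ts, src, round(rate, 2)))
                last_alarm[src] = ts
    return alarms

# Constructed sample traffic: one source at 20 queries/s for 30 s,
# one well-behaved resolver at 1 query every 2 s.
FLOODER = [(t, "192.0.2.10") for t in range(0, 30000, 50)]
NORMAL = [(t, "198.51.100.7") for t in range(0, 30000, 2000)]
SAMPLE_QUERIES = sorted(FLOODER + NORMAL)

def run_sample():
    # Threshold 10 q/s, 5 s statistics interval, 10 s re-alarm wait.
    return detect_floods(SAMPLE_QUERIES, threshold_qps=10,
                         interval_ms=5000, realarm_ms=10000)

if __name__ == "__main__":
    for ts, src, rate in run_sample():
        print(f"t={ts / 1000:.1f}s source={src} rate={rate} q/s")
```

The flooding source alarms as soon as its windowed rate crosses the threshold, then again only after each re-alarm wait expires; the low-rate source never alarms.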
In conclusion, DNS Flood Detector is an essential tool for any individual or organization that operates high-traffic nameservers. With its advanced features and ability to deliver real-time data, it provides an edge in identifying and preventing abusive usage levels on high-traffic nameservers. The recent update of the software comes with several fixes and improvements, including address filtering options and fractional query rates for better precision.
Version 1.12: N/A