Amplification and reflection attack mitigation

Defender provides a simple mechanism to protect against DNS amplification and reflection attacks by limiting the response bandwidth that a single client can generate. It relies on DNSdist's DynBlockRulesGroup:setResponseByteRate() method. For example, to drop queries for 60 s after a client has received more than 300,000 bytes/s (300 kB/s) of responses over the last 10 seconds:

  ---
  - type: amplification
    action: drop
    seconds: 10
    action_duration: 60
    comment: "Exceeded response bandwidth"
    max_response_byte_rate: 300000

Please refer to the reference for the complete description of the settings.