You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi!
AdGuard Home safe on public internet?
I want use without VPN, but i'm worried about DNS Amplification and other vulnerabilities.
I have a reason to be worry, or AdGuardHome safe on public internet?
The text was updated successfully, but these errors were encountered:
Yeah, you should be worried about DNS amplification. Any public DNS server eventually becomes a target for such an attack.
AdGuard Home has default rate limit set to 20rps which is generally enough, but from my experience DDoSers are still trying to exploit public DNS servers even when the rate limit is low.
You will need to monitor the situation and block their IP addresses from time to time. For now, the only way to block an IP address is to use iptables on the server. In future versions of AGH, we'll add a configurable blacklist to the settings.
I believe DNS-over-TLS and/or DNS over HTTPS mitigate spoofing and amplification for DoS. If you adjusted your clients to use only one of these, you could drop incoming port 53 on the server.
Hi!
AdGuard Home safe on public internet?
I want use without VPN, but i'm worried about DNS Amplification and other vulnerabilities.
I have a reason to be worry, or AdGuardHome safe on public internet?
The text was updated successfully, but these errors were encountered: