DNS query filtering - how to increase performance & (accidentally) block your users
2019-12-30, 12:45–12:50, Borg

I'll demonstrate how you can filter DNS packets from iptables with insanely great performance, and also why you should be wary about doing this.


Filtering DNS packets from iptables is possible, and the performance is awesome. However, if you don't pay attention and you don't test thoroughly enough, you may also filter legit queries. The talk is a bit about hardening, and mostly about a fail in production and how I managed to drop about 2-3% of our users.