How to increase Receive-Buffer (RX-Buffer) in LXC Container?

Riesling.Dry

PVE 8.4.1 Debian 12
LXC VE also Debian 12

NameServer on VE is under a so-called pseudo-random subdomain (PRSD) attack. Basically a bot-net is flooding DNS w. MASSES of silly requests.

The VE is at 98% idle but legit requests do not come through, apparently due to the Receive- or RX-Buffer (rmem) being too small.

On the host we set the buffers w. sysctl, but the changes do not seem to take effect on the VE?

Q: How to increase the buffers of the kernel in the VE?

Cheers,
~R.
 
How did you make sure that the change did not take effect on the container? The container shares the host's kernel, so if the sysctl config has been set there, it is also set for the container. Either way, aren't there better defenses for these attacks than enlarging the receive buffer?
 
> How did you make sure that the change did not take effect on the container?

cuz the behaviour didn't seem to change...

> The container shares the host's kernel, so if the sysctl config has been set there, it is also set for the container.

Great, thanks for confirming that!

> Either way, aren't there better defenses for these attacks than enlarging the receive buffer?

working on that :)

What would you propose - maybe we missed something, and addl. ideas/proposals are very much appreciated, thanks in advance.

Cheers,
~R.
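
One way to check from inside the container whether a receive-buffer change took effect, the question raised in the first reply. This is an added example, not part of the thread; the sample counter text is constructed and the function names are hypothetical.

```python
import socket

# Constructed sample of the UDP lines in /proc/net/snmp (not data from the thread).
SAMPLE_SNMP = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
Udp: 1200345 87 45012 1100220 44990 0 22 0 0
"""

def udp_counters(snmp_text):
    """Parse the 'Udp:' header/value line pair of /proc/net/snmp into a dict."""
    rows = [line.split()[1:] for line in snmp_text.splitlines()
            if line.startswith("Udp:")]
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("expected one Udp: header line and one Udp: value line")
    return dict(zip(rows[0], map(int, rows[1])))

def rcvbuf_drop_delta(before, after):
    """Datagrams dropped between two samples because a socket receive buffer was full."""
    return after["RcvbufErrors"] - before["RcvbufErrors"]

def effective_rcvbuf(requested):
    """Request SO_RCVBUF=requested on a UDP socket and return what the kernel granted.

    Linux doubles the requested value for bookkeeping overhead and caps the
    request at net.core.rmem_max, so the result shows the limit actually in
    force for unprivileged sockets in this environment.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, requested)
        return s.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)

if __name__ == "__main__":
    # /proc/net/snmp is per network namespace, so run this inside the container.
    with open("/proc/net/snmp") as f:
        counters = udp_counters(f.read())
    print("RcvbufErrors so far:", counters["RcvbufErrors"])
    print("granted for an 8 MiB request:", effective_rcvbuf(8 * 1024 * 1024))
```

Run it in the container before and after the sysctl change: a granted size that does not grow means the limit seen there is unchanged, and an `RcvbufErrors` count that keeps rising between samples means datagrams are still being dropped at the socket buffer. A larger `rmem_max` only helps if the name server itself requests a larger `SO_RCVBUF`.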