Hello.
We are running latest OES 11 SP3 fully patched.
We are using the novel-named DNS service running on 2 servers.
They are set as authoritative servers for our inside subnets and we have 2 of our isp's dns servers set in the forwarding list.
We have recursive set to the defaults. On and 1000 clients.

Ok so now to the issue we are having.
We have had a problem with all of a sudden losing connection to the internet. It has only happened a few times but we are pretty sure what is causing it.
Digging through the named log file we see recursive clients has reached the 1000 limit when the issue happens. I know we can bump this limit up but I don't think that will be the fix to the problem we are seeing.

We believe what is happening is a DNS Amplification attack. When this attack happens it quickly eats up the recursion client limit and then kills DNS.
We are 100% sure this is the issue because we were able to attack our own server and we saw the recursion client limit hit the 1000 limit pretty quickly and down goes DNS.

So the question is what is the best way to stop this from happening?
I think a rate limit could be implemented to stop this but I can't find a setting like that in the DNS-DHCP console.
We tried adding a rate limit by editing the named.conf file but either we added it wrong or it just doesn't work with the novell-named service.

Thanks in advanced for any help and/or suggestions.