OK. I believe I have this right. I've enabled some of the Cisco's policing action. The rules I've put in place (using the lowest values the Cisco would allow me) should slow down any would-be DNS floods that aren't already dropped with the ACLs I've added.
Code:
class-map match-all DDoS
 match protocol dns
policy-map Throttle-DDoS
 class DDoS
  ! 8000 bps rate, 1000-byte normal burst, 1000-byte maximum burst
  police 8000 1000 1000 conform-action transmit exceed-action drop violate-action drop
interface FastEthernet4
 description INTERNET
 service-policy input Throttle-DDoS
:
:
This SHITE has occupied yet another day of my life, permitting me little time to work on the stuff that inevitably keeps the Guinness flowing.
__________________
VAXman -- Watcher of the moon, watcher of all.
----------------Mopper of the moon, mopper of all.
-------------------- Aural Moon's Janitorial Services
---------------------and Restroom Supplies, and Techno-patsy --
Cogito ergo iMac.
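
A token-bucket model of the `police 8000 1000 1000` line posted above, added here as an illustration; it is not part of the original post and not Cisco's implementation. Because exceed-action and violate-action both drop, only the conform bucket decides what is transmitted; the 100-byte packet size, the arrival rates and the function names are constructed for the example.

```python
# Added example, not from the original post: conform bucket of
# `police 8000 1000 1000` with exceed-action and violate-action both drop.
# Assumptions: continuous refill at the configured rate, bucket starts full;
# packet sizes and arrival rates are constructed sample values.

CIR_BPS = 8000    # first police argument on the page: bits per second
BC_BYTES = 1000   # second police argument on the page: normal burst, bytes
MBIT_PER_BYTE = 8 * 1000  # tokens are kept in integer millibits (exact math)


def police(arrivals, cir_bps=CIR_BPS, bc_bytes=BC_BYTES):
    """arrivals: (time_ms, size_bytes) tuples sorted by time.
    Returns one bool per packet: True = conform/transmit, False = drop."""
    cap = bc_bytes * MBIT_PER_BYTE
    tokens, last_ms, verdicts = cap, 0, []
    for t_ms, size in arrivals:
        # bits/s * ms = millibits earned since the previous packet
        tokens = min(cap, tokens + (t_ms - last_ms) * cir_bps)
        last_ms = t_ms
        cost = size * MBIT_PER_BYTE
        if tokens >= cost:
            tokens -= cost
            verdicts.append(True)
        else:
            verdicts.append(False)
    return verdicts


def steady_stream(pps, size_bytes, seconds):
    """Constructed traffic: evenly spaced packets (pps must divide 1000)."""
    return [(i * 1000 // pps, size_bytes) for i in range(pps * seconds)]


def passed(pps, size_bytes=100, seconds=10):
    """Number of packets transmitted out of pps * seconds offered."""
    return sum(police(steady_stream(pps, size_bytes, seconds)))


if __name__ == "__main__":
    for pps in (5, 10, 100, 1000):
        offered = pps * 10
        print(f"{pps:5d} pps offered: {passed(pps)}/{offered} transmitted")
```

In this model the class settles at roughly ten 100-byte packets per second whatever the offered rate, and a single packet larger than the 1000-byte burst never conforms.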