[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record

Dobbins, Roland rdobbins at arbor.net
Wed Jun 22 08:32:10 UTC 2011

On Jun 22, 2011, at 4:06 AM, Simon Munton wrote:

> iptables --limit or --hashlimit ?

iptables in front of any server, especially a DNS server, is a self-DoS waiting to happen.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde

More information about the dns-operations mailing list