[dns-operations] DNS ANY requests from Amazon?
Paul Vixie
paul at redbarn.org
Tue Dec 18 15:30:47 UTC 2012
On 12/18/2012 9:12 AM, Dobbins, Roland wrote:
> On Dec 18, 2012, at 5:44 AM, Vernon Schryver wrote:
>
> >> Yes, you could do response rate limiting (RRL) within an application aware firewall by having the firewall do almost all of the work of your DNS server.
> The 'application-aware firewall' will collapse from state-table exhaustion, however, so this likely isn't a very good idea.
i don't think that follows. RRL is designed in a way that keeps state
manageably finite. in speaking to the cloudshield folks and learning
more about "packetC" i think RRL can be done as part of a really smart
front end firewall.
paul