[dns-operations] dns response rate limiting (DNS RRL) patch available for testing
Paul Vixie
paul at redbarn.org
Tue Jun 12 20:15:00 UTC 2012
On 6/12/2012 8:13 PM, Florian Weimer wrote:
> * Paul Vixie:
>
>> Vernon Schryver and Paul Vixie have been working on DNS Response Rate
>> Limiting (DNS RRL) as a patch set to BIND9 (9.9.1-P1 or 9.8.3-P1) and we
>> are ready for broader external testing.
> It seems rather straightforward to force recursive resolvers to hit
> the rate limit. Why isn't this a problem?
as described in the documentation
(http://www.redbarn.org/dns/ratelimits), we do not recommend this for
recursive servers at this time. that's a separate problem, and most of
the time the fix is to add an ACL to deny off-net or off-campus query
traffic.
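
An added illustration (not part of the original message or of the RRL patch set) of the ACL approach mentioned above for a recursive server, written as a BIND9 named.conf fragment. The ACL name `campus` and the address prefixes are placeholders to be replaced with the site's own networks.

```conf
// Constructed example: "campus" and the prefixes below are placeholders.
acl campus {
    192.0.2.0/24;     // documentation prefix standing in for on-net IPv4
    2001:db8::/32;    // documentation prefix standing in for on-net IPv6
    localhost;        // the server's own addresses
    localnets;        // networks directly attached to the server
};

options {
    recursion yes;

    // Open-resolver setting, shown commented out for contrast:
    // allow-query     { any; };
    // allow-recursion { any; };

    // Answer queries, recurse, and serve cached data only for on-net clients;
    // off-net or off-campus sources are refused.
    allow-query       { campus; };
    allow-recursion   { campus; };
    allow-query-cache { campus; };
};
```

A server that is also authoritative for public zones would still need `allow-query { any; };` inside those `zone` statements, since the options-level setting above would otherwise refuse outside queries for them.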