[dns-operations] dns response rate limiting (DNS RRL) patch available for testing
bortzmeyer at nic.fr
Mon Jun 18 09:49:25 UTC 2012
On Tue, Jun 12, 2012 at 08:15:00PM +0000,
Paul Vixie <paul at redbarn.org> wrote
a message of 21 lines which said:
> [recursive servers are] a separate problem, and most of the time the
> fix is to add an ACL to deny off-net or off-campus query traffic.
If you don't do ingress filtering, it still allows people to attack
your users (they can send from the outside a "ANY ripe.net" query
claiming to be from a local machine).
More information about the dns-operations