[dns-operations] dns response rate limiting (DNS RRL) patch available for testing

[Stephane Bortzmeyer]

On Tue, Jun 12, 2012 at 08:15:00PM +0000,
 Paul Vixie <paul at redbarn.org> wrote 
 a message of 21 lines which said:

> [recursive servers are] a separate problem, and most of the time the
> fix is to add an ACL to deny off-net or off-campus query traffic.

If you don't do ingress filtering, it still allows people to attack
your users (they can send from the outside a "ANY ripe.net" query
claiming to be from a local machine).