[dns-operations] dns response rate limiting (DNS RRL) patch available for testing

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Jun 18 09:49:25 UTC 2012


On Tue, Jun 12, 2012 at 08:15:00PM +0000,
 Paul Vixie <paul at redbarn.org> wrote 
 a message of 21 lines which said:

> [recursive servers are] a separate problem, and most of the time the
> fix is to add an ACL to deny off-net or off-campus query traffic.

If you don't do ingress filtering, it still allows people to attack
your users (they can send from the outside a "ANY ripe.net" query
claiming to be from a local machine).



More information about the dns-operations mailing list