[dns-operations] question for DNS being attacked

Paul Vixie paul at redbarn.org
Thu Jun 28 05:07:05 UTC 2012

On 2012-06-28 4:04 AM, Michael Hoskins (michoski) wrote:
> ...or even firewall based rate limiting like iptables or dummynet.
> http://codingfreak.blogspot.com/2010/01/iptables-rate-limit-incoming.html

we've used dummynet on f-root for many years now. it has a
barely-tolerable false positives problem, in that a stream of legitimate
queries from a real client can be significantly impacted, leading to
application slowdowns. the weaknesses in this approach led to DNS RRL,
which takes account not only of the purported source address, but of the
prospective response to the query. it's the combination of source
address and prospective response that helps tell friendly flows from
unfriendly ones with a low false positive rate.


More information about the dns-operations mailing list