[dns-operations] DNS ANY record queries - Reflection Attacks

Mohamed Lrhazi ml623 at georgetown.edu
Tue Sep 11 05:36:19 UTC 2012


Nope. I have not, and am not using BIND unfortunately. But I guess you
are saying: Limit responses to any client to some number per some time
window.

What would be an appropriate number, per what time window, to be
effective and lessen the chances of false positives?

Thanks a lot,
Mohamed.

On Tue, Sep 11, 2012 at 1:31 AM, Paul Vixie <paul at redbarn.org> wrote:
> On 2012-09-11 5:30 AM, Mohamed Lrhazi wrote:
>> Can one generalize the mitigation given above to all query types or
>> all queries?
>>
>> Am seeing peaks around 100,000 queries per hour, for several
>> consecutive hours at a time.
>
> have you heard about DNS RRL?
>


