[dns-operations] DNS ANY record queries - Reflection Attacks

Matthew Pounsett matt at conundrum.com
Thu Sep 13 00:06:24 UTC 2012

On 2012/09/12, at 09:06, paul vixie wrote:

> On 9/12/2012 10:57 AM, Phil Regnauld wrote:
>> I do wish we had similar knobs in NSD (I thought version 3 was going
>> to offer that) -
>> http://www.nlnetlabs.nl/downloads/NSD_DenicTechnical.pdf, but that's
>> from 2009.
> i will pay my own air fare and hotel costs to spend a week with the NSD
> folks if they want to implement DNS RRL and they think that having me in
> the office to yell at will improve their chances.
> or they can find me during RIPE 65 and i'll tell them what little i
> know, PLUS i will buy them beer.

I would be most happy if something like this happened.  Once we're done labbing BIND's RRL implementation and go to put it in production, it would be great if we could update our NSD instances as well.  Rate limiting from some instances is better than none, but if we could do it the same way from all of them it would be great.

More information about the dns-operations mailing list