[dns-operations] rate-limiting state

Tony Finch dot at dotat.at
Fri Feb 7 14:16:59 UTC 2014

Patrick W. Gilmore <patrick at ianai.net> wrote:
> On Feb 07, 2014, at 07:09 , Tony Finch <dot at dotat.at> wrote:
> >
> > If my busy name server is getting 1000 qps of real traffic from all over
> > the net, and 1000 qps of attack traffic "from" some victim, then RRL will
> > attenuate responses to the victim without affecting other users.
> >
> > In the absence of RRL, the victim will be denied service by overwhelming
> > traffic. In the presence of RRL the victim might have slightly slower DNS
> > resolution.
> Not just the victim.

What not just the victim? In the absence of RRL the DDoS attack is likely
to cause collateral damage, yes. In the presence of RRL non-victims are
unaffected as long as the attack isn't overwhelming the name server.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.

More information about the dns-operations mailing list