[dns-operations] rate-limiting state
dot at dotat.at
Fri Feb 7 14:16:59 UTC 2014
Patrick W. Gilmore <patrick at ianai.net> wrote:
> On Feb 07, 2014, at 07:09 , Tony Finch <dot at dotat.at> wrote:
> > If my busy name server is getting 1000 qps of real traffic from all over
> > the net, and 1000 qps of attack traffic "from" some victim, then RRL will
> > attenuate responses to the victim without affecting other users.
> > In the absence of RRL, the victim will be denied service by overwhelming
> > traffic. In the presence of RRL the victim might have slightly slower DNS
> > resolution.
> Not just the victim.
What not just the victim? In the absence of RRL the DDoS attack is likely
to cause collateral damage, yes. In the presence of RRL non-victims are
unaffected as long as the attack isn't overwhelming the name server.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
More information about the dns-operations