[dns-operations] Does residential ISPs do rate limit on their local resolvers?

bert hubert bert.hubert at powerdns.com
Tue Oct 25 07:48:00 UTC 2016


On Fri, Oct 21, 2016 at 05:53:40PM +0000, Xun Fan wrote:
> So just out of curiosity, is it prevailing that the residential ISPs do rate limit on their local resolvers (per source preferably) ?

It is not prevailing, but several very large scale service providers use
dnsdist to do just that.  I think Nominum ThreatAvert may also offer
something like it (but probably less flexible), as does InfoBox "Automatic
DNS Protection".

Separately, a lot of service providers run home-grown iptables scripts to
achieve the same thing. Kernel-level blocking is very effective.

This is also why dnsdist can instigate domain- or IP-level blocking rules in
the Linux kernel.

	Bert
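
An added example, not part of the original message: a dnsdist configuration sketch showing per-source rate limiting in front of a resolver. The addresses, netmasks and thresholds are assumed placeholders, the calls used are from dnsdist 1.x and should be checked against the installed version's documentation, and only the userspace limit is shown, not the kernel-level blocking mentioned above.

```lua
-- Added illustration; every address and threshold below is an assumed placeholder.
setLocal("192.0.2.53:53")                      -- listener facing subscribers
setACL({"198.51.100.0/24", "2001:db8::/32"})   -- only subscriber ranges may query
newServer({address="127.0.0.1:5300", name="recursor1"})  -- local recursor behind dnsdist

-- Static per-source limit: each IPv4 /32 and each IPv6 /64 gets its own
-- bucket of 50 queries per second; queries over the limit are dropped.
-- Aggregating IPv6 by /64 keeps one subscriber from spreading load
-- across many addresses in the same prefix.
addAction(MaxQPSIPRule(50, 32, 64), DropAction())

-- Dynamic blocks: dnsdist calls maintenance() about once per second.
-- Sources whose recent behaviour crosses a threshold are blocked
-- entirely for 60 seconds, then allowed again.
function maintenance()
  -- more than 100 queries/second averaged over the last 10 seconds
  addDynBlocks(exceedQRate(100, 10), "Exceeded query rate", 60)
  -- more than 50 ServFail responses/second over the last 10 seconds,
  -- a common sign of random-subdomain floods passing through the resolver
  addDynBlocks(exceedServFails(50, 10), "Exceeded ServFail rate", 60)
end
```

Running `showDynBlocks()` and `topClients()` on the dnsdist console shows which sources are currently blocked and which send the most queries, which helps when tuning thresholds against real subscriber traffic.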


