[dns-operations] solutions for DDoS mitigation of DNS

Davey Song songlinjian at gmail.com
Thu Apr 2 13:12:14 UTC 2020

On Thu, 2 Apr 2020 at 20:58, Tessa Plum <tessa at plum.ovh> wrote:

> On 2020/4/2 5:39 PM, Ray Bellis wrote:
> > If it's an authoritative server, turn on Response Rate Limiting (RRL) if
> > it's BIND, or the equivalent feature if it isn't.
> Yes they are authoritative servers.
> Does RRL work based on IP addr? But the requesting IP seems spoofed.
> Are the spoofed IPs randomly generated?

Considering your privacy concern, you can try the approach to increase the
bandwidth and harden the name server with a cluster using OSPF ECMP (
