[dns-operations] solutions for DDoS mitigation of DNS
songlinjian at gmail.com
Thu Apr 2 13:12:14 UTC 2020
On Thu, 2 Apr 2020 at 20:58, Tessa Plum <tessa at plum.ovh> wrote:
> On 2020/4/2 5:39 下午, Ray Bellis wrote:
> > If it's an authoritative server, turn on Response Rate Limiting (RRL) if
> > it's BIND, or the equivalent feature if is isn't.
> Yes they are authoritative servers.
> Does RRL work based on IP addr? but the requesting IP seems spoofed.
> Is the spoofed IPs randomly generated?
Considering your privacy concern , you can try the appoarch to increase the
bandwidth and harden the name server with cluster using OSPF ECMP (
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations