[dns-operations] solutions for DDoS mitigation of DNS

Tony Finch dot at dotat.at
Thu Apr 2 14:10:17 UTC 2020


Tessa Plum <tessa at plum.ovh> wrote:
>
> Does RRL work based on IP addr? but the requesting IP seems spoofed.

RRL is based on the contents of the DNS response as well as the IP
address. Usually for a DDoS attack the IP address is spoofed as the
address of the victim, so rate limiting reduces the amount of response
traffic sent to the victim.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Cromarty, Forth: Northwest 6 to gale 8, occasionally severe gale 9 at first in
Cromarty, backing west 4 to 6. Very rough at first in northeast Cromarty,
otherwise moderate or rough. Squally wintry showers. Good, occasionally poor.


More information about the dns-operations mailing list