Discuss mailing list

[Stefan Sabolowitsch <Stefan.Sabolowitsch AT felten-group.com>]

Hi guys.
Why do you make your life not something easier?
rate-limit and anti-spoof are OK and important, but what really helps is
DNS dampening.

http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening

It will be as a plugin in the upcoming release of Bind v10.



http://bind10.isc.org/ticket/2840

It's really works, look here "5.1k Dampening" requests per second
http://www.pic-upload.de/view-18968967/DNS_Dampening.png.html


should someone need help, just ask me maybe i can help here.


Regards,
Stefan






Am 16.04.13 07:02 schrieb "Tim Groeneveld" unter <tim AT timgws.com.au>:

>
>
>----- Original Message -----
>> 
>> 
>> ----- Original Message -----
>> > Rate-limiting is the best first-step in this game. Even if you
>> > can't
>> > prevent your server from being used in an attack, you can at least
>> > greatly limit the actual damage being done to yourself and the
>> > intended target. I would highly recommend that ALL public DNS
>> > servers implement some manner of rate limiting.
>> 
>> 
>> This is correct.
>> 
>
>Also, of note, there is a patch for BIND 9 rate limiting,
>which can be found here
>
>http://ss.vix.su/~vjs/rrlrpz.html
>
>Regards,
>Tim
>
>
>--------
>You are a member of the OpenNIC Discuss list.
>You may unsubscribe by emailing
>discuss-unsubscribe AT lists.opennicproject.org
>