Discuss mailing list

[Futuro <evan AT cs.umn.edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a very interesting patch and I look forward to Bind v10.

- -F

On 04/16/2013 08:53 AM, Stefan Sabolowitsch wrote:
> Hi guys. Why do you make your life not something easier? rate-limit
> and anti-spoof are OK and important, but what really helps is DNS
> dampening.
> 
> http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening
> 
> It will be as a plugin in the upcoming release of Bind v10.
> 
> 
> 
> http://bind10.isc.org/ticket/2840
> 
> It's really works, look here "5.1k Dampening" requests per second 
> http://www.pic-upload.de/view-18968967/DNS_Dampening.png.html
> 
> 
> should someone need help, just ask me maybe i can help here.
> 
> 
> Regards, Stefan
> 
> 
> 
> 
> 
> 
> Am 16.04.13 07:02 schrieb "Tim Groeneveld" unter
> <tim AT timgws.com.au>:
> 
>> 
>> 
>> ----- Original Message -----
>>> 
>>> 
>>> ----- Original Message -----
>>>> Rate-limiting is the best first-step in this game. Even if
>>>> you can't prevent your server from being used in an attack,
>>>> you can at least greatly limit the actual damage being done
>>>> to yourself and the intended target. I would highly recommend
>>>> that ALL public DNS servers implement some manner of rate
>>>> limiting.
>>> 
>>> 
>>> This is correct.
>>> 
>> 
>> Also, of note, there is a patch for BIND 9 rate limiting, which
>> can be found here
>> 
>> http://ss.vix.su/~vjs/rrlrpz.html
>> 
>> Regards, Tim
>> 
>> 
>> -------- You are a member of the OpenNIC Discuss list. You may
>> unsubscribe by emailing 
>> discuss-unsubscribe AT lists.opennicproject.org
>> 
> 
> 
> 
> 
> -------- You are a member of the OpenNIC Discuss list. You may
> unsubscribe by emailing
> discuss-unsubscribe AT lists.opennicproject.org
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQIcBAEBAgAGBQJRbShqAAoJEIeJ3lPmfXqo0M4P/20zxoDINUKBaQCu9oIt555H
Hs7xm6kPP7oOECcZKkd/1fq6L3uwihkzH7jxZc2rM6k2s2RYUCbEyGO2mLo4kuwZ
z5z72dZF0uJ1nH4quHDUjAeydKkMxvglt3D9LP/R9PfXNetFwAYEtPgbrrEMBDFu
inaY/TSBb0fwxydrISnMoVPyX1CjfBW8U+o9upJTtoUstdK0pF8Sy+KhYKd43140
EVXxVR5zhO1rUwZOzMjbQ1s7z9ot0+j+t9NEAWa243KsE4Nfe4JmXkSZbP8NXXP6
bs/Rg8SYVl6qx7I+CXPZXP5zSKgFyrMbZ2aC60JDrRWuNZ6ZXKzgJyeIS9oSCUgy
a7i1YMrT0RA2uOHKhNn7kChIv+yfUc2Zghxy4MDyV4Cfensnpc3jLlwC3onVbaxj
2gjAK2FNACUCKGFaZpCyIZHaEAFrRqf/Cp+yku837EzC5N2kUVuoawMvpCer5VI/
hjZdw/SnQr0JoEzFesewE+P+0ZQoYHIZUQDzUfL7MNMRgMGbirGnLskLuD6FLkoU
mHPyX/LnuvAUzC/8gEaUpSPb3W0OE3vojfbKM7xvWJNnDiu2f/S51o1LI/lFQ9IN
WNzLr8oSVBM0LRIvE/KSiCAUjl/+MCwSlMBYfT1s3bVeCTCazC6Ohv1zvaE5N7CH
in/1qtDH78iFVywbocMD
=IJxl
-----END PGP SIGNATURE-----