Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

It sounds great, and for many people this would be a good solution...
Except that from what I'm reading, the only way to get it is to compile
the bleeding-edge BIND, which most people aren't going to do.

The other issue I see is that this is a BIND-only solution.  What about
those of us who use dedicated firewalls and don't want the excessive
traffic flooding our internal networks?  I prefer to stop as much
garbage as possible at the firewall, then use BIND based solutions as a
backup to catch whatever else gets through.


On 04/16/2013 12:53 AM, Stefan Sabolowitsch wrote:
> Hi guys.
> Why do you make your life not something easier?
> rate-limit and anti-spoof are OK and important, but what really helps is
> DNS dampening.
>
> http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening
>
> It will be as a plugin in the upcoming release of Bind v10.
>
>
>
> http://bind10.isc.org/ticket/2840
>
> It's really works, look here "5.1k Dampening" requests per second
> http://www.pic-upload.de/view-18968967/DNS_Dampening.png.html
>
>
> should someone need help, just ask me maybe i can help here.
>
>
> Regards,
> Stefan
>