Discuss mailing list

[mike <mike AT pikeaero.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just finished reading the blog about the dampening, it sounds very
promising. I am think I'll give that a go as well, after I get the
rate limiting going... I'll worry about how I'm going to deal with
applying distro patches later, it can't be much more of a pain in the
@ss than these DoS attacks....

...pizza ordered, coffee on the brew, ...here we go....

- --Mike

On 04/16/2013 05:03 PM, Guillaume Parent wrote:
> There are backported patches for 9.7 and 9.8 too if you don't want
> to run bind 9.9.
> 
> 
> On Tue, Apr 16, 2013 at 4:57 PM, Jeff Taylor
> <shdwdrgn AT sourpuss.net <mailto:shdwdrgn AT sourpuss.net>> wrote:
> 
> It sounds great, and for many people this would be a good
> solution... Except that from what I'm reading, the only way to get
> it is to compile the bleeding-edge BIND, which most people aren't
> going to do.
> 
> The other issue I see is that this is a BIND-only solution.  What
> about those of us who use dedicated firewalls and don't want the
> excessive traffic flooding our internal networks?  I prefer to stop
> as much garbage as possible at the firewall, then use BIND based
> solutions as a backup to catch whatever else gets through.
> 
> 
> On 04/16/2013 12:53 AM, Stefan Sabolowitsch wrote:
>> Hi guys. Why do you make your life not something easier? 
>> rate-limit and anti-spoof are OK and important, but what really
> helps is
>> DNS dampening.
>> 
>> http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening
>> 
>> It will be as a plugin in the upcoming release of Bind v10.
>> 
>> 
>> 
>> http://bind10.isc.org/ticket/2840
>> 
>> It's really works, look here "5.1k Dampening" requests per
>> second 
>> http://www.pic-upload.de/view-18968967/DNS_Dampening.png.html
>> 
>> 
>> should someone need help, just ask me maybe i can help here.
>> 
>> 
>> Regards, Stefan
>> 
> 
> 
> -------- You are a member of the OpenNIC Discuss list. You may
> unsubscribe by emailing 
> discuss-unsubscribe AT lists.opennicproject.org 
> <mailto:discuss-unsubscribe@lists..opennicproject.org>
> 
> 


- -- 
Regards,

Mike Sharkey

CEO, Engineering Manager
Pike Aero Corp.
420 Cross Street
Sudbury, Ontario
Canada    P3E-3W1

P:1+(705)586-2255
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJRbdsuAAoJEA7EcEr0emgfZ5AIAK0hxzlHhdVf7JLJeG7SPIvT
c7hiIlbhYz+KZlckhiGkcsZudcIRhBiXRgloRyv0uOgvpuQIPpqAsIl/Yot3iL1v
OezpuunEOEzEulkQQV5o/+ilY1f5vPQCEj+DYoXavLxrjh+0hGeiePSLfy0eJ+iX
GxBzmwMjcJug8vWy5KcEcqcP4RT6VeBkrkWDg3aSvi+RtOt5Hk+bEOijW1XdyX0U
kblgp9d787eWYF5t5wEOQ+C1q6uxkvF9Tzy9dE5G90dZz71n7c7lwy01RYeI4omK
kayghzLlvdZ17AGNuCjObINVqQ3hqzpZfKNJOC3vkbuxLHiqur+nvwNGRkRJPnU=
=rW1D
-----END PGP SIGNATURE-----