Discuss mailing list

[Jamyn Shanley <jshanley AT gmail.com>]

We could create an OpenNIC repo with signed RPMs that include recommended tweaks.

If nobody is familiar with how to do this, I wouldn't mind creating a demo repo.

-J

On Tue, Apr 16, 2013 at 4:20 PM, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:

But that still requires manual compilation.  What about those who rely on package managers to keep them up to date on security patches?

On 04/16/2013 03:03 PM, Guillaume Parent wrote:

There are backported patches for 9.7 and 9.8 too if you don't want to run bind 9.9.

On Tue, Apr 16, 2013 at 4:57 PM, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:

It sounds great, and for many people this would be a good solution...
Except that from what I'm reading, the only way to get it is to compile
the bleeding-edge BIND, which most people aren't going to do.

The other issue I see is that this is a BIND-only solution.  What about
those of us who use dedicated firewalls and don't want the excessive
traffic flooding our internal networks?  I prefer to stop as much
garbage as possible at the firewall, then use BIND based solutions as a
backup to catch whatever else gets through.

On 04/16/2013 12:53 AM, Stefan Sabolowitsch wrote:
> Hi guys.
> Why do you make your life not something easier?
> rate-limit and anti-spoof are OK and important, but what really helps is
> DNS dampening.
>
> http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening
>
> It will be as a plugin in the upcoming release of Bind v10.
>
>
>
> http://bind10.isc.org/ticket/2840
>
> It's really works, look here "5.1k Dampening" requests per second
> http://www.pic-upload.de/view-18968967/DNS_Dampening.png.html
>
>
> should someone need help, just ask me maybe i can help here.
>
>
> Regards,
> Stefan
>

--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org