Discuss mailing list

[Coyo <coyo AT darkdna.net>]

On 12/12/2013 08:24 PM, Guillaume Parent wrote:
> I still believe that heuristics with manual review and rate limiting 
> is the best way to deal with this issue. Also, having a connection 
> that's worth a fuck helps. Home connections, while still very useful 
> for helping the network and OpenNIC users resolving DNS rapidly, are 
> never going to resist any relevant DDoS attack.
>
> Incoming packets will not be stopped by a silly HTML form unless every 
> upstream ISP we have cooperates with us, and that's still a 
> significant threat for people with low transfer connections.
>
> Having a registration system will direct the attacks towards the 
> servers that do not enforce it, simply moving the problem away and 
> directing it to less targets. It also has privacy implications that I 
> do not like.
>
> I am not going to enforce any system that requires users to sign up to 
> use my DNS service.

Heuristics and rate limiting should do nicely. What sorts of tools would 
one use to accomplish this?