----- Original Message -----
> > From: "Lawrence K. Chen, P.Eng." <lkc...@ksu.edu>
>
> > So does rate limiting cover when the attacker walks my DNS zone to
> > attack an IP?
>
> that depends on what is meant by "rate limiting" and "walking a DNS
> zone".
>
> Simple rate limiting that counts all requests ostensibly from a
> single IP address regardless of (qname,qtype) differs from response
> rate limiting (RRL) which counts distinct responses.
>
> "Walking a zone" can differ from walking a zone's valid names (perhaps
> based on NSEC RRs or arithmetic as in a reverse zone).
>
Well, if you had left the context of my reply in, it would be clear that I was
referring to the RRL patch.
And, I said in my message that I don't know the details of the walking....the
person relaying the incident to me didn't specify the kind of walking, which is
why I said, "I'm curious what kind of walking it was doing".
Because I wondered whether all/mostly NXDOMAIN/NSEC3 responses would get
limited.
I've played around with simple rate limiting before...on some caching
servers...what a mess that turned out to be. Since it was one host that was mainly
being bad, it was easier to just block it....
From what I was told of the incident...queries coming were from all over (from
valid ranges), but the responses were all going to one IP. So, IT Security
didn't think they could do anything about it...except to ask why do we have
DNS servers that are accessible from the Internet, and can they be blocked. ;-o
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
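Added example (not from this list post and not BIND's code): a small Python model of the two strategies the quoted reply distinguishes, simple per-client request counting versus response rate limiting (RRL), run over constructed traffic to show how an NXDOMAIN zone walk and a busy legitimate resolver fare under each. The limits, the /24 netblock, the slip behaviour and the sample traffic are assumptions modelled loosely on BIND's RRL options (responses-per-second, errors-per-second, slip), not BIND's implementation.

```python
"""Simplified model of two DNS rate-limiting strategies:

  * "simple" limiting, which counts every request from a source IP, and
  * response rate limiting (RRL), which counts identical responses per
    client netblock and folds all NXDOMAINs from one zone into one bucket.

Added illustration; limits, netblock size and traffic below are assumptions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Query:
    src_ip: str   # address the response is sent back to
    qname: str
    qtype: str
    rcode: str    # "NOERROR" or "NXDOMAIN": what the server would answer
    zone: str     # zone whose data (or SOA, for NXDOMAIN) the answer comes from
    t: float      # arrival time in seconds


class SimpleLimiter:
    """Counts every request from one source IP, ignoring (qname, qtype)."""

    def __init__(self, per_second):
        self.per_second = per_second
        self.counts = defaultdict(int)   # (src_ip, second) -> requests seen

    def decide(self, q):
        key = (q.src_ip, int(q.t))
        self.counts[key] += 1
        return "send" if self.counts[key] <= self.per_second else "drop"


class RRLimiter:
    """Counts identical responses per client netblock (simplified, after BIND's RRL)."""

    def __init__(self, responses_per_second, errors_per_second, slip=2, prefix=24):
        self.responses_per_second = responses_per_second
        self.errors_per_second = errors_per_second
        self.slip = slip          # every slip-th excess response goes out truncated
        self.prefix = prefix      # assumed client netblock size
        self.counts = defaultdict(int)   # (bucket, second) -> responses seen
        self.excess = defaultdict(int)   # bucket -> responses over the limit

    def bucket(self, q):
        net = ipaddress.ip_network(f"{q.src_ip}/{self.prefix}", strict=False)
        if q.rcode == "NXDOMAIN":
            # Every NXDOMAIN from a zone carries the same SOA, so a walk of
            # non-existent names shares one bucket however many qnames it tries.
            return (net, "NXDOMAIN", q.zone)
        return (net, q.rcode, q.qname.lower(), q.qtype)

    def decide(self, q):
        b = self.bucket(q)
        limit = self.errors_per_second if q.rcode == "NXDOMAIN" else self.responses_per_second
        self.counts[(b, int(q.t))] += 1
        if self.counts[(b, int(q.t))] <= limit:
            return "send"
        self.excess[b] += 1
        if self.slip and self.excess[b] % self.slip == 0:
            # TC=1 reply: a genuine client retries over TCP; a host whose address
            # was spoofed never sent the query and just ignores it.
            return "slip"
        return "drop"


def nxdomain_walk(src_ip, n, zone="example.com"):
    """Constructed traffic: n queries for names that do not exist, within one second."""
    return [Query(src_ip, f"n{i}.{zone}", "A", "NXDOMAIN", zone, i / n) for i in range(n)]


def resolver_workload(src_ip, n, zone="example.com"):
    """Constructed traffic: a busy recursive resolver asking n distinct existing names."""
    return [Query(src_ip, f"host{i}.{zone}", "A", "NOERROR", zone, i / n) for i in range(n)]


def simulate(limiter, queries):
    """Run a query stream through a limiter and count sent/slipped/dropped responses."""
    return dict(Counter(limiter.decide(q) for q in queries))


def compare(queries):
    """Same traffic through both strategies; the limits are assumed values, not BIND defaults."""
    return {
        "simple": simulate(SimpleLimiter(per_second=20), queries),
        "rrl": simulate(RRLimiter(responses_per_second=5, errors_per_second=5), queries),
    }


if __name__ == "__main__":
    print("NXDOMAIN walk :", compare(nxdomain_walk("192.0.2.10", 100)))
    print("busy resolver :", compare(resolver_workload("198.51.100.5", 100)))
```

In this model the walk's NXDOMAIN answers all land in one bucket per zone, so RRL limits them after the first few even though every qname is different, while the resolver asking a hundred distinct existing names is untouched by RRL but loses most of its answers to the per-IP counter, which is the kind of collateral damage a request-counting limiter causes on legitimate caching resolvers.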