> From: John Wobus <jw...@cornell.edu> > > Other possibility is to implement packet rate limiting - a patch was > > discussed here a few days/weeks ago. > > I endorse this suggestion: we were faced with such attacks and were > naturally leery about issues we might run into running a patched bind > and the additional tuning it could require. Our experience is: the RRL > patch, used with its default parameters, simply does the job.
(thanks for the good new.) See http://www.redbarn.org/dns/ratelimits Vernon Schryver v...@rhyolite.com _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users