On Feb 28, 2014, at 2:12 AM, Jason Brown <jason.br...@kcom.com> wrote:
> But, it will respond with a valid response (your choice) and therefore not > create a servfail due to trying.. that’s my point. Nope. RPZ only alters responses as they're on their way back to the requestor. The query is still resolved normally first. It does not short-circuit recursion. Chris Buxton > From: bind-users-bounces+jason.brown=kcom....@lists.isc.org > [mailto:bind-users-bounces+jason.brown=kcom....@lists.isc.org] On Behalf Of > Ivo > Sent: 28 February 2014 10:10 > To: bind-users@lists.isc.org > Subject: Re: Bind vs flood > > RPZ cannot rewrite servfail, it is designed to replace a valid response. > > On 2/28/14 11:42 AM, Jason Brown wrote: > Isn’t this where RPZ comes in? Using RPZ means it is quicker and easier to > null amplification, also easier to remove if you do all this with nsupdate, > you can also create a webpage for TS to query any fault against. > > From: bind-users-bounces+jason.brown=kcom....@lists.isc.org > [mailto:bind-users-bounces+jason.brown=kcom....@lists.isc.org] On Behalf Of > Peter Andreev > Sent: 28 February 2014 09:36 > To: Dmitry Rybin > Cc: BIND Users Mailing List > Subject: Re: Bind vs flood > > Well, at first glance it looks like malicious activity, so the best action is > to call all users, suspected in sending such requests, and warn them. > The fast and very (very-very-very) dirty solution is to set up zone > 84822258.com on your resolver. This should supress outgoing queries and thus > minimize resolving time. > > 2014-02-28 12:06 GMT+04:00 Dmitry Rybin <kirg...@corbina.net>: > On 27.02.2014 09:59, Dmitry Rybin wrote: > > Bind answers with "Server failure". On high load (4 qps) all normal > client can get Servfail on good query. Or query can execute more 2-3 > second. > > I have an a mistake, 4'000 QPS. > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > > > -- > Is there any problem Exterminatus cannot solve? I have not found one yet. > > > > > > This email has been scanned for all viruses. > > Please consider the environment before printing this email. > > The content of this email and any attachment is private and may be > privileged. If you are not the intended recipient, any use, disclosure, > copying or forwarding of this email and/or its attachments is unauthorised. > If you have received this email in error please notify the sender by email > and delete this message and any attachments immediately. Nothing in this > email shall bind the Company or any of its subsidiaries or businesses in any > contract or obligation, unless we have specifically agreed to be bound. > > KCOM Group PLC is a public limited company incorporated in England and Wales, > company number 02150618 and whose registered office is at 37 Carr Lane, Hull, > HU1 3RE. > > 118288 - KCOM Group UK Directory Enquiries. Calls will cost no more than > £2.58 connection + £1.79p per minute following the first 60 seconds, > including VAT from a KC or BT landline. Call charges from mobiles and other > networks may vary. If you are calling from a mobile you will now receive your > requested number via text message. You will not be charged for the text > message. > > > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > > > > > This email has been scanned for all viruses. > > Please consider the environment before printing this email. > > The content of this email and any attachment is private and may be > privileged. If you are not the intended recipient, any use, disclosure, > copying or forwarding of this email and/or its attachments is unauthorised. > If you have received this email in error please notify the sender by email > and delete this message and any attachments immediately. Nothing in this > email shall bind the Company or any of its subsidiaries or businesses in any > contract or obligation, unless we have specifically agreed to be bound. > > KCOM Group PLC is a public limited company incorporated in England and Wales, > company number 02150618 and whose registered office is at 37 Carr Lane, Hull, > HU1 3RE. > > 118288 - KCOM Group UK Directory Enquiries. Calls will cost no more than > £2.58 connection + £1.79p per minute following the first 60 seconds, > including VAT from a KC or BT landline. Call charges from mobiles and other > networks may vary. If you are calling from a mobile you will now receive your > requested number via text message. You will not be charged for the text > message. > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
