S Carr <sjc...@gmail.com> wrote:
>
> You might want to check whether the requests are legitimate before
> completely blocking them, rate limiting would be a better option.

Remember this is TCP traffic. RRL is designed to deal with spoofed UDP traffic. It can actually make non-spoofed floods worse, because RRL pushes UDP traffic to TCP, and TCP is very easy to saturate.

You might find it helps to avoid truncated responses, e.g. by turning on the minimal-responses option. (See also minimal-any in BIND 9.11)

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode
Southeast Iceland: Northerly or northwesterly 5 to 7, occasionally gale 8
until later in north. Moderate or rough. Occasional rain, fog patches.
Moderate or good, occasionally very poor.
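
Added example, not part of the original message: the reply notes that truncated UDP responses push clients onto TCP, so this sketch reads the TC bit from DNS response headers to measure what share of UDP answers would trigger a TCP retry. The packets are constructed sample data, and the function names are hypothetical.

```python
import struct

QR = 0x8000  # set on responses
TC = 0x0200  # truncated: the client is expected to retry over TCP


def header_flags(payload: bytes):
    """Return (id, flags) from the 12-byte DNS header, or None if too short."""
    if len(payload) < 12:
        return None
    msg_id, flags = struct.unpack("!HH", payload[:4])
    return msg_id, flags


def truncation_stats(payloads):
    """Count UDP responses and how many of them carry TC=1."""
    responses = truncated = malformed = 0
    for payload in payloads:
        hdr = header_flags(payload)
        if hdr is None:
            malformed += 1
            continue
        _, flags = hdr
        if not flags & QR:
            continue  # a query, not a response
        responses += 1
        if flags & TC:
            truncated += 1
    ratio = truncated / responses if responses else 0.0
    return {"responses": responses, "truncated": truncated,
            "malformed": malformed, "tc_ratio": ratio}


def make_header(msg_id, flags, ancount=0):
    """Constructed sample data: a bare DNS header with empty sections."""
    return struct.pack("!HHHHHH", msg_id, flags, 1, ancount, 0, 0)


# Constructed capture of UDP payloads seen on port 53.
SAMPLE = [
    make_header(1, 0x0100),             # query (RD)
    make_header(1, 0x8180, ancount=1),  # response: QR RD RA
    make_header(2, 0x8380),             # response: QR TC RD RA
    make_header(3, 0x8380),             # response: QR TC RD RA
    make_header(4, 0x8180, ancount=2),  # response: QR RD RA
    b"\x00\x01",                        # too short to be a DNS message
]

if __name__ == "__main__":
    print(truncation_stats(SAMPLE))
```

Comparing `tc_ratio` on captures taken before and after a configuration change such as minimal-responses shows whether fewer clients are being sent to TCP.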