Once upon a time, Patrick W. Gilmore <[email protected]> said: > If you are looking for DDoS resilience, the answer is not "X times normal". > A DDoS is not a multiple of your normal traffic, it is whatever the botnet > can throw at you.
The OP asked about caching DNS servers. In general, you should only be providing caching DNS services to your own network, not the Internet at large. Inside your network, you should be implementing BCP38; you shouldn't have to deal with spoofing within your own network. At that point, random botnets are not the problem. If you get an excessive number of queries from a customer, you can shut off the customer (because either they have broken software or they're infected). -- Chris Adams <[email protected]> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
