Vernon Schryver <v...@rhyolite.com> wrote: > > My hope and almost ambition for the code I've been working on is > find a default set of parameters response rate limiting parameters > to reduce the nuisance of open resolvers.
Do you expect the parameters to differ for reflected amplification attacks on authoritative servers? (which is the case that I care about.) Have you considered minimal truncated replies as an alternative response to over-limit clients? The idea being to move legit queries from the victims onto TCP. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Portland: Variable 3 or 4, becoming northerly or northwesterly 4 or 5, occasionally 6 in east. Slight or moderate. Occasional rain. Moderate or good, occasionally poor. _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs