Hello,

For various reasons, I cannot immediately implement RRL on my DNS servers... but would like to implement something in the meanwhile!

Would these two rules be a good start?

- Rate limit clients to 100 qps. Drop for 5 mins if exceeded.
- Rate limit clients to 5 identical queries per second. Drop for 5 mins if exceeded.

I implemented these rules already, logging drops instead of performing them, and it does not seem to be dropping any legit clients, and does seem to catch the obvious ANY flood I have been watching... but I am sure there is more to it than meets the eye.

Any logical errors, or other errors, you see there? Also, any simple-to-implement enhancements you could add?

Thank you so much.
Mohamed.

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
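The two rules in the post are easy to state but the interaction between the per-client counter, the identical-query counter and the 5 minute ban is where logic errors hide, so here is a small simulator that applies both rules to a query log and reports what each client would see. It is an added example written for this page, not code from the original post or from any DNS server; it assumes "per second" means a sliding 1 s window, a constructed log line format of `<ts> <client> <qname> <qtype>`, and clients from documentation address ranges (203.0.113.7, 198.51.100.2, 192.0.2.9) whose traffic is made up for the run.

```python
"""Simulator for the two per-client rules from the post:
  1. at most 100 queries per client per second, else drop for 5 minutes;
  2. at most 5 identical (qname, qtype) queries per client per second, else drop for 5 minutes.
Added example, not part of the original post; runs offline on a constructed query log.
"""
from collections import Counter, defaultdict, deque

QPS_LIMIT = 100        # rule 1: queries per client per rolling second
IDENTICAL_LIMIT = 5    # rule 2: identical (qname, qtype) queries per client per rolling second
BAN_SECONDS = 300.0    # both rules: drop the client for 5 minutes once exceeded
WINDOW = 1.0           # assumption: "per second" means a sliding 1 s window


class RateLimiter:
    def __init__(self):
        self.banned_until = {}                  # client -> time the ban expires
        self.per_client = defaultdict(deque)    # client -> timestamps inside the window
        self.per_query = defaultdict(deque)     # (client, qname, qtype) -> timestamps inside the window

    @staticmethod
    def _hits_in_window(dq, now):
        """Record `now` and return how many timestamps (including it) fall inside the rolling window."""
        while dq and now - dq[0] >= WINDOW:
            dq.popleft()
        dq.append(now)
        return len(dq)

    def _ban(self, client, now):
        self.banned_until[client] = now + BAN_SECONDS
        # Nothing is counted while the client is banned, so free its counters
        # (linear scan is fine for a simulator; a real implementation would index by client).
        self.per_client.pop(client, None)
        for key in [k for k in self.per_query if k[0] == client]:
            del self.per_query[key]

    def check(self, now, client, qname, qtype):
        """Return 'pass' or 'drop:<reason>' for one query. Timestamps must be fed in non-decreasing order."""
        until = self.banned_until.get(client)
        if until is not None:
            if now < until:
                return "drop:banned"
            del self.banned_until[client]       # ban expired: the client starts with clean counters
        if self._hits_in_window(self.per_client[client], now) > QPS_LIMIT:
            self._ban(client, now)
            return "drop:qps"
        # Normalise the name so 0x20 case randomisation by a resolver does not hide repeats.
        key = (client, qname.lower().rstrip("."), qtype.upper())
        if self._hits_in_window(self.per_query[key], now) > IDENTICAL_LIMIT:
            self._ban(client, now)
            return "drop:identical"
        return "pass"


def parse_line(line):
    """Constructed log format for this example: '<unix_ts> <client_ip> <qname> <qtype>'."""
    ts, client, qname, qtype = line.split()
    return float(ts), client, qname, qtype


def simulate(lines):
    """Apply both rules to a query log; return {client: {verdict: count}}."""
    events = sorted(parse_line(line) for line in lines)
    limiter = RateLimiter()
    verdicts = defaultdict(Counter)
    for ts, client, qname, qtype in events:
        verdicts[client][limiter.check(ts, client, qname, qtype)] += 1
    return {client: dict(counts) for client, counts in verdicts.items()}


def build_sample_log():
    """Constructed traffic, not captured data: three clients in about one second, plus one retry later."""
    lines = []
    # 203.0.113.7: ANY flood, the same query 50 times in half a second (trips rule 2)
    lines += [f"{i * 0.010:.3f} 203.0.113.7 example.com. ANY" for i in range(50)]
    # 198.51.100.2: busy but legitimate resolver, 60 distinct names in 0.9 s (passes both rules)
    lines += [f"{i * 0.015:.3f} 198.51.100.2 host{i}.example.com. A" for i in range(60)]
    # 192.0.2.9: all distinct names, but 150 queries in 0.75 s (trips rule 1)
    lines += [f"{i * 0.005:.3f} 192.0.2.9 n{i}.example.net. AAAA" for i in range(150)]
    # the flooder returns once its 5 minute ban has expired and is served again
    lines.append("301.000 203.0.113.7 example.com. ANY")
    return lines


if __name__ == "__main__":
    for client, counts in simulate(build_sample_log()).items():
        print(client, counts)
```

Running it shows the flooder getting 5 answers, one identical-query drop and 44 banned drops before being served again at 301 s, the legitimate resolver untouched, and the 150 qps client cut off after its 100th query. Two caveats worth keeping in mind when turning this into firewall rules: the order of the checks matters (here the qps counter is updated before the identical-query counter, so a query that trips rule 2 still counts toward rule 1), and both rules key on the source address, which for UDP DNS is unauthenticated; the simulator trusts it as given.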
