On Sat, Sep 15, 2012 at 6:52 PM, Mohamed Lrhazi <[email protected]> wrote:
>
> https://gist.github.com/3729931

I updated the script to hash, and hence count and rate limit, the errors and responses instead of the qname+qtype. The way I am doing it is:

- If the response rcode is not NOERROR, hash and count the rcode itself.
- Else, concatenate all response RRs, and hash and count that instead.

Is that good enough? Also, BIND RRL slip functionality aside, how close is this script to the real deal?

Also, one could say that by enabling RRL we are adding a weakness to the system:

- An attack using a large number of unique queries and unique source IPs, aiming at exhausting our RAM...

Is that a valid criticism? Does BIND RRL mitigate that? Should one add logic to disable the whole RRL after reaching some QPS threshold?

Thanks a lot,
Mohamed.
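The bucketing scheme described in the message (key error responses by rcode, key NOERROR responses by a hash of their RRs), as an added illustration that is not the gist's code or BIND's RRL implementation. Two things in it are this example's own assumptions rather than anything stated above: clients are aggregated by IPv4 /24 (IPv6 /56) before keying, and the bucket table is capped with LRU eviction so the "unique queries from unique sources" case cannot grow state without bound. The response records and timestamps are constructed inline.

```python
"""Toy response rate limiter keyed on response content rather than qname+qtype.

Example code, not the gist's script. Assumptions not in the original message:
client addresses are aggregated by /24 (IPv4) or /56 (IPv6), and the bucket
table is bounded by LRU eviction so it cannot be grown without limit.
"""
import hashlib
import ipaddress
from collections import OrderedDict


def response_key(rcode: str, rrs: list) -> str:
    """Error responses are keyed by rcode alone; NOERROR by the RR content."""
    if rcode != "NOERROR":
        return hashlib.sha256(rcode.encode()).hexdigest()
    # Sort before hashing so RRset rotation (round-robin A records) does not
    # turn one logical response into many distinct buckets.
    canonical = "\n".join(sorted(rrs))
    return hashlib.sha256(canonical.encode()).hexdigest()


def client_prefix(addr: str, v4_len: int = 24, v6_len: int = 56) -> str:
    """Collapse a source address to its aggregate prefix (assumed lengths)."""
    ip = ipaddress.ip_address(addr)
    plen = v4_len if ip.version == 4 else v6_len
    return str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))


class ResponseRateLimiter:
    """Token bucket per (client prefix, response key), bounded by max_buckets."""

    def __init__(self, responses_per_second: float = 5.0, burst: int = 10,
                 max_buckets: int = 100_000):
        self.rate = responses_per_second
        self.burst = burst
        self.max_buckets = max_buckets
        self.buckets: "OrderedDict[tuple, tuple]" = OrderedDict()
        self.evictions = 0  # how often the memory bound kicked in

    def check(self, client: str, rcode: str, rrs: list, now: float) -> str:
        """Return "answer" or "drop" for one response at time `now` (seconds)."""
        key = (client_prefix(client), response_key(rcode, rrs))
        tokens, last = self.buckets.pop(key, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            tokens -= 1.0
            action = "answer"
        else:
            action = "drop"
        # Re-insert at the end so the OrderedDict behaves as an LRU.
        self.buckets[key] = (tokens, now)
        while len(self.buckets) > self.max_buckets:
            self.buckets.popitem(last=False)  # evict least recently used
            self.evictions += 1
        return action


if __name__ == "__main__":
    rl = ResponseRateLimiter(responses_per_second=1.0, burst=3, max_buckets=4)
    a_rrs = ["example.com. 300 IN A 192.0.2.1"]  # constructed sample response
    for _ in range(5):
        print(rl.check("192.0.2.10", "NOERROR", a_rrs, 100.0))
```

The burst parameter is what absorbs legitimate repeats; once a (prefix, response) pair has spent it, further identical responses to that prefix are dropped until the refill rate lets one through. The `max_buckets` cap trades accuracy for a memory ceiling: under a flood of unique sources and unique responses the oldest buckets are evicted, so an attacker can at worst reset counters, not exhaust RAM.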
