On 2012-10-29, at 06:16, Stephane Bortzmeyer <[email protected]> wrote:
> On Mon, Oct 29, 2012 at 10:13:55AM +0000,
> Dobbins, Roland <[email protected]> wrote
> a message of 20 lines which said:
>
>>> We apply iptables based rate-limiting on ANY queries with RD bit set.
>>
>> The problem with fronting your DNS servers with a stateful firewall
>
> ? iptables != stateful firewalling.

no, rate-limiting == stateful firewalling.

(I appreciate that there are techniques available to keep the state manageable, but state is required to rate-limit and retaining state in front of DNS servers in general ought indeed to prompt some careful thinking before implementation.)

Joe
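The point made in the reply above, that rate-limiting needs per-source state and that the state can be kept manageable, sketched as an added example (not from the thread, and not how iptables implements it): a token-bucket limiter over a fixed-size table keyed by a hash of the source /24. The class name, table size, rates and sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import zlib


class BoundedRateLimiter:
    """Token buckets in a fixed-size table indexed by hashed source prefix.

    Memory stays constant however many (possibly spoofed) sources appear.
    The cost: unrelated prefixes can collide and share one bucket.
    """

    def __init__(self, slots=1024, rate=5.0, burst=10.0, prefix_len=24):
        self.slots = slots
        self.rate = rate              # tokens refilled per second
        self.burst = burst            # bucket capacity
        self.prefix_len = prefix_len  # aggregate sources to this prefix
        self.tokens = [burst] * slots
        self.stamp = [0.0] * slots    # last refill time per slot

    def _slot(self, src):
        net = ipaddress.ip_network(f"{src}/{self.prefix_len}", strict=False)
        # CRC32 is unkeyed; a deployment would use a keyed hash so that
        # collisions cannot be chosen by the sender.
        return zlib.crc32(net.network_address.packed) % self.slots

    def allow(self, src, now):
        """Return True if a query from src at time now (seconds) may pass."""
        i = self._slot(src)
        elapsed = max(0.0, now - self.stamp[i])
        self.tokens[i] = min(self.burst, self.tokens[i] + elapsed * self.rate)
        self.stamp[i] = now
        if self.tokens[i] >= 1.0:
            self.tokens[i] -= 1.0
            return True
        return False


def simulate():
    rl = BoundedRateLimiter(slots=64, rate=5.0, burst=10.0)
    # Constructed traffic: one source sends 100 queries in the same instant.
    passed = sum(rl.allow("192.0.2.53", now=1.0) for _ in range(100))
    # Constructed flood: 10,000 distinct source addresses in 198.18.0.0/15.
    base = int(ipaddress.ip_address("198.18.0.0"))
    for n in range(10000):
        rl.allow(str(ipaddress.ip_address(base + n)), now=1.0)
    return passed, len(rl.tokens)   # state size is unchanged by the flood


if __name__ == "__main__":
    print(simulate())
```
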
