On 12/18/2012 9:12 AM, Dobbins, Roland wrote:
> On Dec 18, 2012, at 5:44 AM, Vernon Schryver wrote:
>
>> Yes, you could do response rate limiting (RRL) within an application aware
>> firewall by having the firewall do almost all of the work of your DNS
>> server.
> The 'application-aware firewall' will collapse from state-table exhaustion,
> however, so this likely isn't a very good idea.

i don't think that follows. RRL is designed in a way that keeps state manageably finite. in speaking to the cloudshield folks and learning more about "packetC" i think RRL can be done as part of a really smart front end firewall.

paul
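
Added example, not part of the original message and not code from RRL or packetC: a minimal sketch of a response rate limiter whose state stays bounded no matter how many source addresses appear. The fixed table size, /24 aggregation of IPv4 clients, oldest-first eviction and token-bucket parameters are assumptions of this sketch.

```python
import ipaddress
from collections import OrderedDict

class BoundedRRL:
    """Response rate limiter whose state is capped at max_entries buckets (sketch)."""

    def __init__(self, max_entries=1024, per_second=5, prefix_len=24):
        self.max_entries = max_entries
        self.per_second = per_second
        self.prefix_len = prefix_len      # IPv4 aggregation width (assumption)
        self.table = OrderedDict()        # key -> (tokens, last_seen), oldest first

    def _key(self, client_ip, qname, kind):
        # Aggregate by client network so one spoofed victim block shares a bucket.
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        return (net.network_address, qname.lower(), kind)

    def allow(self, client_ip, qname, kind, now):
        """Return True to send the response, False to drop it."""
        key = self._key(client_ip, qname, kind)
        tokens, last = self.table.pop(key, (float(self.per_second), now))
        # Refill in proportion to elapsed time, never above one second's worth.
        tokens = min(float(self.per_second), tokens + (now - last) * self.per_second)
        allowed = tokens >= 1.0
        if allowed:
            tokens -= 1.0
        self.table[key] = (tokens, now)       # re-insert as most recently used
        while len(self.table) > self.max_entries:
            self.table.popitem(last=False)    # evict the oldest bucket
        return allowed

def simulate():
    rrl = BoundedRRL(max_entries=1024, per_second=5)
    peak = 0
    # Constructed traffic: 50,000 queries, each from a distinct /24, in one instant.
    for i in range(50_000):
        ip = str(ipaddress.IPv4Address((10 << 24) + (i << 8) + 1))
        rrl.allow(ip, "example.com", "NOERROR", now=0.0)
        peak = max(peak, len(rrl.table))
    # Constructed flood: 1,000 identical queries claiming to come from one /24.
    sent = sum(rrl.allow(f"192.0.2.{i % 256}", "example.com", "NOERROR", now=1.0)
               for i in range(1000))
    return peak, sent                         # (largest table size, responses sent)

if __name__ == "__main__":
    print(simulate())
```

Eviction discards a bucket's history, so in this sketch the table has to be sized for the number of buckets expected to be active within one refill window.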
