Tony Finch writes:
> Patrick W. Gilmore <[email protected]> wrote:
> > On Feb 07, 2014, at 07:09 , Tony Finch <[email protected]> wrote:
> > > If my busy name server is getting 1000 qps of real traffic from all over
> > > the net, and 1000 qps of attack traffic "from" some victim, then RRL will
> > > attenuate responses to the victim without affecting other users.
> > >
> > > In the absence of RRL, the victim will be denied service by overwhelming
> > > traffic. In the presence of RRL the victim might have slightly slower DNS
> > > resolution.
> >
> > Not just the victim.
> 
> What not just the victim? In the absence of RRL the DDoS attack is likely
> to cause collateral damage, yes. In the presence of RRL non-victims are
> unaffected as long as the attack isn't overwhelming the name server.

Maybe Patrick glossed over the mere "1000 qps", which for many (most?
hand-waving) operators doesn't even blip as an attack.  At the
attack-level traffic to which he is accustomed, the inbound requests
can easily surpass the server's ability to generate responses even if
it ends up not sending most of them.
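To make the two points in this exchange concrete (RRL attenuating responses to a spoofed victim while leaving other clients alone, and the server still having to handle every inbound query), here is an added toy simulation of response rate limiting. It is example code written for this page, not code from any poster or from a real name server. It assumes a limiter keyed on (client netblock, qname) in the style of BIND's RRL, a 5 responses-per-second limit and a slip ratio of 2 (every second over-limit answer becomes a TC=1 reply so a genuine client can retry over TCP); the traffic sample, addresses and numbers are all constructed.

```python
"""Added example: a toy model of DNS Response Rate Limiting (RRL).

Constructed traffic for one second: 1000 genuine queries spread over 1000
different /24 networks, plus 1000 queries whose source address is spoofed
to be a single victim.  The limiter keys on (client netblock, qname) as
BIND's RRL does; over-limit responses alternate between being dropped and
being "slipped" (a minimal TC=1 reply).  Parameters are illustrative, not
tuned operator settings.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field
import ipaddress


@dataclass
class Query:
    t: float        # arrival time in seconds
    src: str        # source address as seen on the wire (may be spoofed)
    qname: str
    kind: str       # "legit" or "attack": a label for the statistics only


@dataclass
class ResponseRateLimiter:
    responses_per_second: int = 5   # identical answers allowed per netblock per window
    slip: int = 2                   # every 2nd over-limit response becomes a TC=1 reply
    window: float = 1.0
    processed: int = 0              # every query still costs parsing and a lookup
    buckets: dict = field(default_factory=dict)

    @staticmethod
    def netblock(src: str):
        """Aggregate clients to a /24 (IPv4) or /56 (IPv6), as RRL does."""
        addr = ipaddress.ip_address(src)
        prefix = 24 if addr.version == 4 else 56
        return ipaddress.ip_network(f"{src}/{prefix}", strict=False)

    def decide(self, q: Query) -> str:
        """Return 'send', 'slip' or 'drop' for one query."""
        self.processed += 1                      # work done before any limiting
        key = (self.netblock(q.src), q.qname)
        start, sent, over = self.buckets.get(key, (q.t, 0, 0))
        if q.t - start >= self.window:          # new window: reset the bucket
            start, sent, over = q.t, 0, 0
        if sent < self.responses_per_second:
            self.buckets[key] = (start, sent + 1, over)
            return "send"
        over += 1
        self.buckets[key] = (start, sent, over)
        if self.slip and over % self.slip == 0:
            return "slip"
        return "drop"


def build_traffic(victim: str = "192.0.2.10", legit_qps: int = 1000,
                  attack_qps: int = 1000) -> list:
    """Constructed one-second sample: genuine clients spread over many
    networks, attack queries all carrying the victim's (spoofed) address."""
    queries = []
    for i in range(legit_qps):
        src = f"10.{i // 256}.{i % 256}.10"      # 1000 distinct /24 networks
        queries.append(Query(i / legit_qps, src, f"host{i % 50}.example.com", "legit"))
    for i in range(attack_qps):
        queries.append(Query(i / attack_qps, victim, "example.com", "attack"))
    queries.sort(key=lambda q: q.t)
    return queries


def simulate(limiter=None, queries=None) -> dict:
    """Run the limiter over the traffic; return per-class outcome counts and
    the number of queries the server still had to process."""
    limiter = limiter or ResponseRateLimiter()
    queries = queries or build_traffic()
    outcome = defaultdict(Counter)
    for q in queries:
        outcome[q.kind][limiter.decide(q)] += 1
    return {"legit": dict(outcome["legit"]),
            "attack": dict(outcome["attack"]),
            "processed": limiter.processed}


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

With these constructed inputs every genuine query is answered, the victim's netblock receives only the 5 permitted answers per second (the rest are dropped or slipped), and `processed` still reads 2000: the limiter removes the outbound amplification toward the victim, but the server has already spent CPU on every inbound packet, which is the capacity concern raised in the last reply.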

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations