David C Lawrence <[email protected]> wrote:
>
> Maybe Patrick glossed over the mere "1000 qps", which for many (most?
> hand-waving) operators doesn't even blip as an attack. At the
> attack-level traffic to which he is accustomed, the inbound requests
> can easily surpass the server's ability to generate responses even if
> it ends up not sending most of them.

At that point the name server itself is the victim, and there isn't anything it can do about the attack - DDoS mitigation has to happen well upstream of the victim.

I picked 1000pps because it is enough to trigger RRL without killing the server.

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
