I'm very confused that why people on the list are suggesting RRL (even BCP38) to the victim of DoS attack? If I remember correctly, the goal of both RRL and BCP38 is to reduce the chance of participating the attack as a innocent helper.
In the introduce of RRL (https://kb.isc.org/docs/aa-01000) , it goes : "RRL helps mitigate DNS denial-of-service attacks by reducing the rate at which authoritative servers respond to high volumes of malicious queries. " Please correct me . Davey On Thu, 2 Apr 2020 at 17:45, Ray Bellis <[email protected]> wrote: > > > On 02/04/2020 10:12, Tessa Plum wrote: > > > All the packages were DNS requests, some queries like 'dig domain.com > any'. > > but their IP address seems spoofed. > > A request from the fake address to our nameserver, but nameserver try > > its best to reply to this unreal address. > > If it's a recursive server, apply an ACL so that only expected clients > can query. > > If it's an authoritative server, turn on Response Rate Limiting (RRL) if > it's BIND, or the equivalent feature if is isn't. > > Ray > > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations >
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
