On Thu, 2 Apr 2020 at 20:58, Tessa Plum <[email protected]> wrote: > On 2020/4/2 5:39 下午, Ray Bellis wrote: > > If it's an authoritative server, turn on Response Rate Limiting (RRL) if > > it's BIND, or the equivalent feature if is isn't. > > Yes they are authoritative servers. > Does RRL work based on IP addr? but the requesting IP seems spoofed. > > Is the spoofed IPs randomly generated?
Considering your privacy concern , you can try the appoarch to increase the bandwidth and harden the name server with cluster using OSPF ECMP ( https://archive.nanog.org/meetings/nanog34/presentations/abley.nameservers.pdf ) Davey
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
