Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread rohan.henry
So based on the response below how critical is it to implement RRL via the Bind RRL patch, provided the server's resources are available? And where do I download this patch? Rohan On Thu, 2 May 2013 22:16:51 GMT Vernon Schryver v...@rhyolite.com wrote: From: Lawrence K. Chen, P.Eng. lkc...@ksu.edu

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread Lawrence K. Chen, P.Eng.
- Original Message - From: Lawrence K. Chen, P.Eng. lkc...@ksu.edu So does rate limiting cover when the attacker walks my DNS zone to attack an IP? that depends on what is meant by rate limiting and walking a DNS zone. Simple rate limiting that counts all requests

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread Vernon Schryver
From: rohan.he...@cwjamaica.com So based on the response below how critical is it to implement RRL via the Bind RRL patch, provided the server's resources are available? Even if I knew which server resources are at issue (I don't), I think you must decide for yourself whether to install RRL and if

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread rohan.henry
Found the answer to below. According to isc-tn-2012-1.txt hybrid authority/recursive servers are out of scope. On Fri, 03 May 2013 13:44:01 -0500 rohan.he...@cwjamaica.com wrote: What if both authoritative and recursive are running on the same server since RRL does not apply to recursive

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread Doug Barton
On 05/03/2013 11:44 AM, rohan.he...@cwjamaica.com wrote: What if both authoritative and recursive are running on the same server That's a simple answer, don't do that. Doug (ever) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread Vernon Schryver
From: rohan.he...@cwjamaica.com What if both authoritative and recursive are running on the same server since RRL does not apply to recursive servers? Found the answer to below. According to isc-tn-2012-1.txt hybrid authority/recursive servers are out of scope. I disagree. What

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread rohan.henry
Understood. I already have ACLs defined. So I can use rate-limit{exempt-clients{address-match-list}}; statement to exclude my client addresses from the RRL checks. Thanks. Rohan On Fri, 3 May 2013 20:13:47 GMT Vernon Schryver v...@rhyolite.com wrote: From: rohan.he...@cwjamaica.com What

Re: DDOS attack Bind 9.9 - P2

2013-05-02 Thread Lawrence K. Chen, P.Eng.
- Original Message - Patch BIND to include the RRL (Response Rate Limiting) patches (http://www.redbarn.org/dns/ratelimits), blackhole/ignore those clients requesting. The fact that Response Rate Limiting (RRL) does not blackhole/ignore clients is a feature and why it is a

Re: DDOS attack Bind 9.9 - P2

2013-04-30 Thread Jay Ford
On Tue, 30 Apr 2013, Jose Manuel Delgado G. wrote: I have isc.org attack. isc.org internet *?. It comes from my own clients that I have allowed in my ACL. the question is how to stop this attack? this causes my traffic on the interface is intense and also up my cpu percentage. that I can do to

Re: DDOS attack Bind 9.9 - P2

2013-04-30 Thread Vernon Schryver
Patch BIND to include the RRL (Response Rate Limiting) patches (http://www.redbarn.org/dns/ratelimits), blackhole/ignore those clients requesting. The fact that Response Rate Limiting (RRL) does not blackhole/ignore clients is a feature and why it is a better mitigation for DNS Reflection DoS