Re: DDOS attack Bind 9.9 - P2

2013-05-02 Thread Lawrence K. Chen, P.Eng.
- Original Message - Patch BIND to include the RRL (Response Rate Limiting) patches (http://www.redbarn.org/dns/ratelimits), blackhole/ignore those clients requesting. The fact that Response Rate Limiting (RRL) does not blackhole/ignore clients is a feature and why it is a

mistake or bug or error or user malfunction

2013-05-02 Thread Dorn Hetzel
I just finished installing BIND 9.9.2-P2 on a Windows 7 box to act as a local resolver for my 192.168.7 LAN and to cache queries so they don't all have to go out over my satellite link... I think it seems likely that I have done something wrong, but I'm not sure what... named.conf looks like:

Re: mistake or bug or error or user malfunction

2013-05-02 Thread Mark Andrews
Someone has installed an ordinary recursive server as a transparent DNS caching server and is intercepting your queries. This does not work. At a minimum a transparent DNS caching server needs to force recursion. It also needs to fake AA=1 in the responses. It also needs to pass through TSIG