Re: Abour RRL and Best Practise

2020-11-29 Thread Tom J. Marcoen
Hey Onur,

I would guess it depends on your setup and how much traffic you receive.
[1] gives as an example a value of 10 responses per second, which I would
say is a good place to start.  [5] gives a value of 5 responses per second
and I get the impression that that is the value used by the F root servers.
You can always implement RRL on one of your authoritative name servers with
a value of 10 and try lower values if all seems to be ok.

Both resources are from ISC so I would say they are good advice to start with.

PS: RRL is disabled by default so the default value is "0", meaning
"no limit" (see the ARM for version 9.16.8 on page 73).

[1]: https://kb.isc.org/docs/aa-00994
[2]: https://conference.apnic.net/data/37/apricot-2014-rrl_1393309768.pdf

Best regards,
Tom

On Fri, 27 Nov 2020 at 08:00, Onur GURSOY wrote:
>
> Hello Everyone,
>
> Bind9 is a good product and benchmark.
> It has good documentation especially about vulnerabilities.
> I wonder one thing, nowadays,
>
> For brute force, reflection, amplification and etc. attacks, there is
> prevention which is name response rate limit (RRL).
> Question:
> What is the default value rate-limit?
> What is the best practise, best value for rate-limit clause.
>
> Thanks in advance.
> Have nice day and healthy day,
> With best regards
>
> --
> Onur GÜRSOY
> R Engineer in Embedded Systems
> Master Student at Gebze Institute Of Technology
> Department Of Electronic Engineering
> GSM : 0(545) 764 7653
> e-mail: onurgursoyg...@gmail.com
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
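
The staged rollout suggested in the reply above, written out as a named.conf fragment. This is an added example, not part of any message in the thread: the `log-only`, `window` and `slip` settings, the channel name `rrl_log` and the file name `rrl.log` are assumptions chosen for illustration; only the values 10, 5 and 0 come from the thread.

```conf
// named.conf fragment for ONE authoritative server used as the trial host.

options {
    // ... existing options stay as they are ...

    rate-limit {
        // Starting value suggested in the reply. Leaving the clause out,
        // or setting 0, means "no limit" (RRL disabled, the default).
        responses-per-second 10;

        // Trial mode: account and log what WOULD be limited, but still
        // answer every query. Change to "no" once the log shows that
        // legitimate clients are not being hit.
        log-only yes;

        // BIND defaults, written out so the tuning knobs are visible:
        window 15;   // seconds over which per-client rates are tracked
        slip 2;      // every 2nd limited response is sent truncated (TC=1)
                     // so a real client can retry over TCP
    };
};

logging {
    // Send RRL decisions to their own file so they can be reviewed
    // separately from the general log. Names here are constructed.
    channel rrl_log {
        file "rrl.log" versions 3 size 10m;
        severity info;
        print-time yes;
    };
    category rate-limit { rrl_log; };
};

// Next step, once the trial log looks clean at 10:
//   responses-per-second 5;   // the lower value cited in the reply
//   log-only no;              // start enforcing
```

Check the fragment with `named-checkconf` before reloading, and review `rrl.log` over a normal traffic period before switching `log-only` off.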


Re: Abour RRL and Best Practise

2020-11-28 Thread @lbutlr
On 27 Nov 2020, at 00:00, Onur GURSOY wrote:
> Hello Everyone,

Oh, come on!

-- 
"Are you pondering what I'm pondering?"
"Wuh, I think so, Brain, but if we didn't have ears, we'd look like
weasels."


Abour RRL and Best Practise

2020-11-26 Thread Onur GURSOY
Hello Everyone,

Bind9 is a good product and benchmark.
It has good documentation especially about vulnerabilities.
I wonder one thing, nowadays,

For brute force, reflection, amplification and etc. attacks, there is
prevention which is name response rate limit (RRL).
Question:
What is the default value rate-limit?
What is the best practise, best value for rate-limit clause.

Thanks in advance.
Have nice day and healthy day,
With best regards

-- 
Onur GÜRSOY
R Engineer in Embedded Systems
Master Student at Gebze Institute Of Technology
Department Of Electronic Engineering
GSM : 0(545) 764 7653
e-mail: onurgursoyg...@gmail.com