I don't see how the ip-ratelimit feature in unbound would need to be protocol aware considering that it is restrained to the unbound daemon and its ports and not being in charge of the entire network?

On 28.11.2018 19:08, Paul Vixie via Unbound-users wrote:


Maciej Gawron via Unbound-users wrote:
Hi,
I think global IP-ratelimit will fit nicely.

i disagree, since the source ip addresses are nonrepudiable. a non-protocol-aware rate limiter is an easy ddos vector since an attacker can use up all available credits for some victim simply by forging that victim's ip address on an otherwise normal looking flow.

see: https://www.icann.org/en/system/files/files/sac-004-en.pdf

also: https://queue.acm.org/detail.cfm?id=2578510

transaction or session limits will be nec'y; packet limits are wrong where udp is concerned.


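As an added illustration of the spoofing concern raised in the quoted message (constructed example, not code from this thread or from Unbound): a per-source-address packet limiter is compared with an assumed session-aware variant that charges credits only to sources that have proven they can receive replies, so forged datagrams carrying a victim's address cannot spend that victim's credits. The "verified" flag, the credit size and the traffic mix are all assumptions of this model.

```python
from collections import defaultdict

WINDOW_CREDITS = 20  # constructed limit: datagrams one source address may send per window


class PacketRateLimiter:
    """Non-protocol-aware limiter: every datagram charges the source address in the
    IP header. A forged source address is indistinguishable from the genuine one."""

    def __init__(self, credits=WINDOW_CREDITS):
        self.credits = credits
        self.used = defaultdict(int)

    def allow(self, pkt):
        if self.used[pkt["src"]] >= self.credits:
            return False
        self.used[pkt["src"]] += 1
        return True


class SessionRateLimiter(PacketRateLimiter):
    """Assumed session-aware model: a packet is charged to its source only when that
    source has already proven return-path reachability (modelled here by a
    'verified' flag, e.g. a completed handshake). Unverified packets are refused
    cheaply and never consume the address's credits."""

    def allow(self, pkt):
        if not pkt["verified"]:
            return False  # cheap refusal; the spoofed address keeps its credits
        return super().allow(pkt)


def constructed_traffic(victim="192.0.2.10", n_forged=50, n_genuine=10):
    """Constructed stream: forged datagrams carrying the victim's address arrive
    first, then the victim's own queries. Spoofed packets are assumed to be unable
    to complete a reply round trip, so they are never 'verified'."""
    forged = [{"src": victim, "verified": False, "forged": True} for _ in range(n_forged)]
    genuine = [{"src": victim, "verified": True, "forged": False} for _ in range(n_genuine)]
    return forged + genuine


def simulate(limiter, packets):
    """Return (genuine victim queries answered, forged packets answered)."""
    genuine = forged = 0
    for pkt in packets:
        if limiter.allow(pkt):
            if pkt["forged"]:
                forged += 1
            else:
                genuine += 1
    return genuine, forged


if __name__ == "__main__":
    print("packet limiter (genuine, forged):", simulate(PacketRateLimiter(), constructed_traffic()))
    print("session limiter (genuine, forged):", simulate(SessionRateLimiter(), constructed_traffic()))
```

With the packet limiter the forged flood exhausts the victim's 20 credits before any genuine query arrives; with the session model the victim's own queries are all answered and none of the forged ones are.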