On Mon, Jan 16, 2012 at 03:41:15PM +0000, Florian Weimer wrote:
> * Chuck Anderson:
>
> > Unfortunately, these sorts of per-IP limiting are going to become more
> > and more inappropriate with the likes of Carrier Grade NATs, since
> > there will be many subscribers sharing a single public IP address.
> > You may end up causing performance problems for legitimate traffic.
>
> Fortunately, this is not that relevant because it's not really feasible
> to run largish DNS resolvers behind port-based NAT anyway (in part due
> to source port randomization). 8-)

You miss the point. The DNS server, not behind a NAT, will end up rate-limiting or blocking clients who ARE behind NATs.