In article <mailman.880.1326731999.68562.bind-us...@lists.isc.org>, Chuck Anderson <c...@wpi.edu> wrote:
> On Mon, Jan 16, 2012 at 03:41:15PM +0000, Florian Weimer wrote:
> > * Chuck Anderson:
> >
> > > Unfortunately, these sorts of per-IP limiting are going to become more
> > > and more inappropriate with the likes of Carrier Grade NATs, since
> > > there will be many subscribers sharing a single public IP address.
> > > You may end up causing performance problems for legitimate traffic.
> >
> > Fortunately, this is not that relevant because it's not really feasible
> > to run largish DNS resolvers behind port-based NAT anyway (in part due
> > to source port randomization). 8-)
>
> You miss the point. The DNS server, not behind a NAT, will end up
> rate-limiting or blocking clients who ARE behind NATs.

DNS queries don't come directly from clients, they come from caching servers, aka resolvers. It's those caching servers that shouldn't be behind NATs.

--
Barry Margolin
Arlington, MA