On 2013-07-05 07:21, John Wobus wrote:
> I endorse this suggestion: we were faced with such attacks and were naturally leery about issues we might run into running a patched bind and the additional tuning it could require. Our experience is: the RRL patch, used with its default parameters, simply does the job.
I haven't been following the RRL discussions too closely, is this patch scheduled to be included in BIND9 proper or will it remain a patch?
We generally prefer to avoid "unsupported" (third party) patches, although I am working on getting an exception through for this particular situation, but if it's scheduled for inclusion in the nearish future, we may wait.
In the meantime, would it make sense to set "minimal-responses yes" proactively, or only if a spike of activity is detected (noting that it will take us 1-3 days to notice a spike unless it's disruptive to performance)?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren