On 01/09/2018 02:49 PM, Tony Finch wrote:
Tom <tomtux...@gmail.com> wrote:

If I set the "responses-per-second 5;" and the "window 30;", then begin
flooding (the responses are correctly dropped), then stop flooding, then
query the nameserver from the same source for the same RR, I immediately
get the right answer.

Any explanations for this behavior?

Try more than once - you are probably seeing the effect of the "slip"
setting, which is supposed to allow legitimate clients to get answers even
when they are being spoofed by a DDoS attack.

I tried many times with different values for "window" (window 5;, window 30;, window 3600;). Always the same effect with the following command:

    while true; do echo -n "$(date) "; dig +short +ignore +tries=1 @x.x.x.x www.example.com; sleep .01; done

Slip is set to "0" (always drop). After stopping the flood, I'm immediately able to query the same record (www.example.com) with a positive answer. Does the "window 5;" or "window 30;" or "window 3600;" possibly have no effect?

Thank you.
Kind regards,
Tom


Also, if you are using DiG then to see the proper effect you'll want to
set the +ignore +tries=1 options (and maybe +timeout=1).

Tony.
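
Added illustration, not part of the thread and not BIND's code: a simplified model of the RRL credit account as the BIND ARM describes it (the account earns responses-per-second credits each second, each response debits one, responses are dropped while the balance is negative, and the balance is bounded above by the per-second limit and below by window times that limit). It uses the thread's "responses-per-second 5", slip 0 and the three window values; the sustained 100 qps, 10 second flood and all names in the code are assumptions.

```python
# Simplified model of the RRL credit account described in the BIND ARM.
# Added example, not BIND's implementation. Time is in milliseconds and
# credit in thousandths of a response, so all arithmetic stays integral.

class RRLAccount:
    def __init__(self, responses_per_second, window):
        self.rate = responses_per_second                  # credits earned per second
        self.cap = responses_per_second * 1000            # most positive balance
        self.floor = -window * responses_per_second * 1000  # most negative balance
        self.balance = self.cap
        self.last_ms = 0

    def respond(self, now_ms):
        """Debit one response; return True if sent, False if dropped (slip 0)."""
        earned = (now_ms - self.last_ms) * self.rate
        self.last_ms = now_ms
        self.balance = min(self.cap, self.balance + earned)
        self.balance = max(self.floor, self.balance - 1000)
        return self.balance >= 0


def answered_after(rate, window, flood_qps, flood_s, wait_s):
    """Flood one account, pause wait_s seconds, report if one query is answered."""
    acct = RRLAccount(rate, window)
    step_ms = 1000 // flood_qps
    now = 0
    for _ in range(flood_qps * flood_s):   # assumed: every query reaches the server
        acct.respond(now)
        now += step_ms
    last_flood_ms = now - step_ms
    return acct.respond(last_flood_ms + wait_s * 1000)


def first_answer_wait(rate, window, flood_qps=100, flood_s=10):
    """Smallest whole-second pause after which the model answers again."""
    wait = 0
    while not answered_after(rate, window, flood_qps, flood_s, wait):
        wait += 1
    return wait


if __name__ == "__main__":
    for window in (5, 30, 3600):   # the three window values tried in the thread
        print(f"window {window:>4}: answered again after "
              f"{first_answer_wait(5, window)} s of silence")
```

In this model the window only shows an effect if the account was actually driven down to its floor, which depends on the query rate that really reached the server during the flood.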
