On 6/12/2012 8:13 PM, Florian Weimer wrote: > * Paul Vixie: > >> Vernon Schryver and Paul Vixie have been working on DNS Response Rate >> Limiting (DNS RRL) as a patch set to BIND9 (9.9.1-P1 or 9.8.3-P1) and we >> are ready for broader external testing. > It seems rather straightforward to force recursive resolvers to hit > the rate limit. Why isn't this a problem?
as described in the documentation (http://www.redbarn.org/dns/ratelimits), we do not recommend this for recursive servers at this time. that's a separate problem, and most of the time the fix is to add an ACL to deny off-net or off-campus query traffic. _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
