On Mon, Oct 29, 2012 at 10:13:55AM +0000, Dobbins, Roland <rdobb...@arbor.net> wrote a message of 20 lines which said:
> > We apply iptables based rate-limiting on ANY queries with RD bit set.
>
> The problem with fronting your DNS servers with a stateful firewall ?

iptables != stateful firewalling. Some people are careless enough to use iptables modules with connection tracking (very bad idea for the DNS, for the reasons you explain) but others are more careful (rate-limiting requires only a small amount of state).
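An added illustration, not part of the original message: a userspace sketch of rate-limiting ANY queries with RD set while keeping one token bucket per source address and no per-flow (connection-tracking) entries. The per-source keying, the rate and burst values, the function names and the sample packets are all assumptions made for the example.

```python
import struct

QTYPE_ANY = 255
RD_FLAG = 0x0100   # "recursion desired" bit in the DNS header flags
QR_FLAG = 0x8000   # set on responses, clear on queries

def is_any_with_rd(payload: bytes) -> bool:
    """True if the UDP payload is a DNS query with RD set and QTYPE=ANY."""
    if len(payload) < 12:
        return False
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & QR_FLAG or not flags & RD_FLAG or qdcount != 1:
        return False
    pos = 12
    while pos < len(payload) and payload[pos] != 0:   # walk QNAME labels
        if payload[pos] & 0xC0:
            return False          # no compression pointers in a question
        pos += 1 + payload[pos]
    if pos + 5 > len(payload):    # need root label + QTYPE + QCLASS
        return False
    (qtype,) = struct.unpack("!H", payload[pos + 1:pos + 3])
    return qtype == QTYPE_ANY

class RateLimiter:
    """Token bucket per source address: the only state that is kept."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.buckets = {}         # src -> (tokens, time of last packet)

    def allow(self, src, now):
        tokens, last = self.buckets.get(src, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        ok = tokens >= 1
        self.buckets[src] = (tokens - 1 if ok else tokens, now)
        return ok

def filter_packet(limiter, src, payload, now):
    """Pass everything except ANY+RD queries that exceed the source's rate."""
    return not is_any_with_rd(payload) or limiter.allow(src, now)

def build_query(name, qtype, rd=True):
    """Constructed sample DNS query, used only to exercise the filter."""
    header = struct.pack("!HHHHHH", 0x1234, RD_FLAG if rd else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)
```

However many packets or source ports a client uses, the table holds one entry for it, which is the contrast with connection tracking that the reply draws.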