Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread Luis Daniel Lucio Quiroz
I was having the same problem, I did place an IP tables rule 2013/4/30 Jose Manuel Delgado G. > I have isc.org attack."* isc.org internet *?".* It comes from my own > clients that I have allowed in my ACL. the question is how to stop this > attack? this causes my traffic on the interface is intense

Re: RHEL, Centos, Fedora rpm 9.9.2-p2

2013-05-03 Thread Carl Byington
http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. There are two versions. 9.9.2-0.3.P2 is the original source code from isc.org 9.9.2-0.4.P2 adds the rrl patches from http://www.redbarn.org/dns/ratelim

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread rohan.henry
Understood. I already have ACLs defined. So I can use "rate-limit{exempt-clients{address-match-list}}; " statement to exclude my client addresses from the RRL checks. Thanks. Rohan On Fri, 3 May 2013 20:13:47 GMT Vernon Schryver wrote: >> From: > >> >What if both authoritative and recursive

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread Vernon Schryver
> From: > >What if both authoritative and recursive are running on the same > >server since RRL does not apply to recursive servers? > Found the answer to below. > > According to isc-tn-2012-1.txt hybrid authority/recursive servers > are out of scope. I disagree. What isc-tn-2012-1.txt says is

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread Doug Barton
On 05/03/2013 11:44 AM, rohan.he...@cwjamaica.com wrote: What if both authoritative and recursive are running on the same server That's a simple answer, don't do that. Doug (ever)

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread rohan.henry
Found the answer to below. According to isc-tn-2012-1.txt hybrid authority/recursive servers are out of scope. On Fri, 03 May 2013 13:44:01 -0500 wrote: >What if both authoritative and recursive are running on the same server since >RRL does not apply to recursive servers? > >Rohan > >On Fri

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread rohan.henry
What if both authoritative and recursive are running on the same server since RRL does not apply to recursive servers? Rohan On Fri, 3 May 2013 18:19:27 GMT Vernon Schryver wrote: >> From: > >> So based on the response below how critical is it to implement >> RRL via Bind RRL patch provided t

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread Vernon Schryver
> From: > So based on the response below how critical is it to implement > RRL via Bind RRL patch provided the servers resources are available? Even if I knew which server resources are at issue (I don't), I think you must decide for yourself whether to install RRL and if so, how urgently. > A

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread Lawrence K. Chen, P.Eng.
- Original Message - > > From: "Lawrence K. Chen, P.Eng." > > > So does rate limiting cover when the attacker walks my DNS zone to > > attack an IP? > > that depends on what is meant by "rate limiting" and "walking a DNS > zone". > > Simple rate limiting that counts all requests oste

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread rohan.henry
So based on the response below how critical is it to implement RRL via Bind RRL patch provided the servers resources are available? And where do I download this patch? Rohan On Thu, 2 May 2013 22:16:51 GMT Vernon Schryver wrote: >> From: "Lawrence K. Chen, P.Eng." > >> So does rate limiting