Re: Mitigation of server's load by queries for non-existing domains

2016-01-13 Thread John Miller
On Wed, Jan 13, 2016 at 8:35 AM, Tomas Hozza wrote:
> On 12.01.2016 18:16, Tony Finch wrote:
>> Tomas Hozza wrote:
>>>
>>> Recently I was trying to find a mechanism in BIND that could prevent the
>>> server from processing a recursive query for non-existing domains.
>>
>> Have a look at https://w

RE: Mitigation of server's load by queries for non-existing domains

2016-01-13 Thread MURTARI, JOHN
Tony, Didn't see this mentioned in the other thread messages, but depending on what version of BIND you are using you may find a lot of benefit in using the Response Rate Limiting (RRL) feature. https://www.isc.org/blogs/bind-9-9-4-released/ We have found it to be VERY effective

Re: Mitigation of server's load by queries for non-existing domains

2016-01-13 Thread Tomas Hozza
On 12.01.2016 18:16, Tony Finch wrote:
> Tomas Hozza wrote:
>>
>> Recently I was trying to find a mechanism in BIND that could prevent the
>> server from processing a recursive query for non-existing domains.
>
> Have a look at https://www.isc.org/blogs/tldr-resolver-ddos-mitigation/
>
>> I was

Re: Mitigation of server's load by queries for non-existing domains

2016-01-12 Thread Mukund Sivaraman
Hi Tomas
On Tue, Jan 12, 2016 at 05:53:20PM +0100, Tomas Hozza wrote:
> Hello all.
>
> Recently I was trying to find a mechanism in BIND that could prevent
> the server from processing a recursive query for non-existing
> domains. The issue I was trying to solve was that when server was
> getting

Re: Mitigation of server's load by queries for non-existing domains

2016-01-12 Thread Tony Finch
Tomas Hozza wrote:
>
> Recently I was trying to find a mechanism in BIND that could prevent the
> server from processing a recursive query for non-existing domains.
Have a look at https://www.isc.org/blogs/tldr-resolver-ddos-mitigation/
> I was thinking about using RPZ with QNAME policy trigger,