So based on the response below how critical is it to implement RRL via Bind RRL
patch provided the servers resources are available? And where do I download
this patch?
Rohan
On Thu, 2 May 2013 22:16:51 GMT
Vernon Schryver wrote:
>> From: "Lawrence K. Chen, P.Eng."
>
>> So does rate limiting
- Original Message -
> > From: "Lawrence K. Chen, P.Eng."
>
> > So does rate limiting cover when the attacker walks my DNS zone to
> > attack an IP?
>
> that depends on what is meant by "rate limiting" and "walking a DNS
> zone".
>
> Simple rate limiting that counts all requests oste
> From:
> So based on the response below how critical is it to implement
> RRL via Bind RRL patch provided the servers resources are available?
Even if I knew which server resources are at issue (I don't), I think
you must decide for yourself whether to install RRL and if so, how
urgently.
> A
What if both authoritative and recursive are running on the same server since
RRL does not apply to recursive servers?
Rohan
On Fri, 3 May 2013 18:19:27 GMT
Vernon Schryver wrote:
>> From:
>
>> So based on the response below how critical is it to implement
>> RRL via Bind RRL patch provided t
Found the answer to below.
According to isc-tn-2012-1.txt hybrid authority/recursive servers are out of
scope.
On Fri, 03 May 2013 13:44:01 -0500
wrote:
>What if both authoritative and recursive are running on the same server since
>RRL does not apply to recursive servers?
>
>Rohan
>
>On Fri
On 05/03/2013 11:44 AM, rohan.he...@cwjamaica.com wrote:
What if both authoritative and recursive are running on the same server
That's a simple answer, don't do that.
Doug (ever)
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> From:
> >What if both authoritative and recursive are running on the same
> >server since RRL does not apply to recursive servers?
> Found the answer to below.
>
> According to isc-tn-2012-1.txt hybrid authority/recursive servers
> are out of scope.
I disagree. What isc-tn-2012-1.txt says is
Understood. I already have ACLs defined. So I can use
"rate-limit{exempt-clients{address-match-list}}; " statement to exclude my
client addresses from the RRL checks. Thanks.
Rohan
On Fri, 3 May 2013 20:13:47 GMT
Vernon Schryver wrote:
>> From:
>
>> >What if both authoritative and recursive
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
There are two versions.
9.9.2-0.3.P2 is the original source code from isc.org
9.9.2-0.4.P2 adds the rrl patches from
http://www.redbarn.org/dns/ratelim
I was having same problem, i did place an IP tables rule
2013/4/30 Jose Manuel Delgado G.
> I have isc.org attack."* isc.org internet *?".* It comes from my own
> clients that I have allowed in my ACL. the question is how to stop this
> attack? this causes my traffic on the interface is intense
10 matches
Mail list logo
