about DNS RRL
Barry Margolin
barmar at alum.mit.edu
Wed Oct 17 13:12:31 UTC 2012
In article <mailman.424.1350461867.11945.bind-users at lists.isc.org>,
pangj <pangj at riseup.net> wrote:
> I have read the document of redbarn RRL for BIND and this NSD RRL:
> https://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/
>
> I have a question: the DDoS attacks on DNS are coming from spoofed
> IPs, but RRL works based on source IP. So how can it stop a real-life
> attack?
You're thinking that the rate limit is intended to protect YOUR server.
It's actually to prevent your server from being used as a reflector to
attack some OTHER server. The spoofed addresses all point to that
server.
--
Barry Margolin
Arlington, MA
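
The point of the reply above, as an added example that is not part of the original message and is not BIND's or NSD's code: a simplified fixed-window response limiter keyed on the claimed source network, run over constructed traffic. The limit of 5 responses per second, the /24 grouping and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

RESPONSES_PER_SECOND = 5   # assumed limit, chosen for illustration
PREFIX_LEN = 24            # assumed: claimed sources are grouped by /24


class ResponseRateLimiter:
    """Fixed one-second-window limiter keyed on the *claimed* source network."""

    def __init__(self, limit=RESPONSES_PER_SECOND, prefix_len=PREFIX_LEN):
        self.limit = limit
        self.prefix_len = prefix_len
        self.window = {}   # network -> (second, responses sent in that second)

    def allow(self, claimed_src, now):
        net = ipaddress.ip_network(f"{claimed_src}/{self.prefix_len}", strict=False)
        second = int(now)
        start, count = self.window.get(net, (second, 0))
        if start != second:            # a new second begins: reset the counter
            start, count = second, 0
        if count >= self.limit:        # budget for this network is used up
            self.window[net] = (start, count)
            return False
        self.window[net] = (start, count + 1)
        return True


def simulate():
    """Return {claimed source: (answered, dropped)} for constructed traffic."""
    victim = "192.0.2.10"                        # address the attacker spoofs
    clients = ["198.51.100.7", "203.0.113.25"]   # ordinary resolvers
    # 200 spoofed queries inside one second, all claiming the victim's address
    queries = [(1000.0 + i / 200, victim) for i in range(200)]
    # two real queries from each ordinary client in the same second
    for client in clients:
        queries += [(1000.1, client), (1000.6, client)]
    queries.sort()
    rrl = ResponseRateLimiter()
    stats = defaultdict(lambda: [0, 0])
    for ts, src in queries:
        stats[src][0 if rrl.allow(src, ts) else 1] += 1
    return {src: tuple(counts) for src, counts in stats.items()}


if __name__ == "__main__":
    for src, (answered, dropped) in simulate().items():
        print(f"{src:15} answered={answered:3} dropped={dropped:3}")
```

Because every spoofed query claims the same source, the limiter's counter for that network fills immediately and the server stops sending responses toward it, while clients in other networks keep their own budget.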