Tony Finch dot at dotat.at
Tue Jul 26 13:11:44 UTC 2016

S Carr <sjcarr at gmail.com> wrote:
> You might want to check whether the requests are legitimate before
> completely blocking them, rate limiting would be a better option.

Remember this is TCP traffic.

RRL is designed to deal with spoofed UDP traffic. It can actually make
non-spoofed floods worse, because RRL pushes UDP traffic to TCP, and TCP
is very easy to saturate.

You might find it helps to avoid truncated responses, e.g. by turning on
the minimal-responses option. (See also minimal-any in BIND 9.11)

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Southeast Iceland: Northerly or northwesterly 5 to 7, occasionally gale 8
until later in north. Moderate or rough. Occasional rain, fog patches.
Moderate or good, occasionally very poor.

More information about the bind-users mailing list