About RRL and Best Practise
Tom J. Marcoen
tom.marcoen+isc at gmail.com
Sun Nov 29 11:18:38 UTC 2020
I would guess it depends on your setup and how much traffic you receive.  gives as an example a value of 10 responses per second, which I would say is a good place to start.  gives a value of 5 responses per second and I get the that is the value used by the F root servers. You can always implement RRL on one of your authoritative name servers with a value of 10 and try lower values if all seems to be ok.
Both resources are from ISC so I would say they are good advice to start with.
PS: RRL is disabled by default so the default value is "0", meaning "no limit" (see the ARM for version 9.16.8 on page 73).
On Fri, 27 Nov 2020 at 08:00, Onur GURSOY <onurgursoygyte at gmail.com> wrote:
> Hello Everyone,
> Bind9 is a good product and benchmark.
> It has good documentation especially about vulnerabilities.
> I wonder one thing, nowadays,
> For brute force, reflection, amplification, etc. attacks, there is a prevention which is named response rate limit (RRL).
> What is the default value of rate-limit?
> What is the best practice, the best value for the rate-limit clause?
> Thanks in advance.
> Have a nice and healthy day,
> With best regards
> Onur GÜRSOY
> R&D Engineer in Embedded Systems
> Master Student at Gebze Institute Of Technology
> Department Of Electronic Engineering
> GSM : 0(545) 764 7653
> e-mail: onurgursoygyte at gmail.com
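Added example, not from either poster or from ISC: because the suitable value depends on the traffic a server receives, this sketch counts how many responses the candidate rates of 10 and 5 per second would limit on a constructed query sample. It is a simplified per-second model, not BIND's actual RRL accounting; the record layout, sample data and function names are assumptions.

```python
"""Estimate how many responses a candidate RRL rate would limit.

Simplified model, NOT BIND's real accounting: responses are counted per
(client /24, qname, qtype) in fixed one-second buckets, with no window,
credit carry-over or slip. /24 mirrors BIND's default ipv4-prefix-length.
"""
from collections import Counter
from ipaddress import ip_network

# Constructed sample records: (unix_second, client_ip, qname, qtype)
SAMPLE = (
    # one resolver asking for eight different names: never limited
    [(100, "192.0.2.10", f"host{i}.example.com", "A") for i in range(8)]
    # forty identical queries in one second from addresses in one /24
    + [(100, f"198.51.100.{i % 4}", "example.com", "A") for i in range(40)]
    # a moderately busy client: seven identical queries in one second
    + [(101, "203.0.113.5", "www.example.com", "A") for _ in range(7)]
)


def bucket_counts(records, prefix_len=24):
    """Count identical responses per second and per client netblock."""
    counts = Counter()
    for ts, ip, qname, qtype in records:
        net = ip_network(f"{ip}/{prefix_len}", strict=False)
        counts[(ts, str(net), qname.lower(), qtype)] += 1
    return counts


def limited_responses(records, rate, prefix_len=24):
    """Responses above `rate` per bucket; rate 0 means no limit (RRL off)."""
    if rate == 0:
        return 0
    counts = bucket_counts(records, prefix_len)
    return sum(max(0, n - rate) for n in counts.values())


def compare(records, rates=(0, 10, 5)):
    """Map each candidate responses-per-second value to its limited count."""
    return {rate: limited_responses(records, rate) for rate in rates}


if __name__ == "__main__":
    for rate, limited in compare(SAMPLE).items():
        print(f"responses-per-second {rate}: {limited} of {len(SAMPLE)} limited")
```

In this sample the value 10 only touches the burst, while 5 also limits two responses to the moderately busy client, which is the kind of difference to look for before lowering the value.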