About RRL and Best Practice

Tom J. Marcoen tom.marcoen+isc at gmail.com
Sun Nov 29 11:18:38 UTC 2020


Hey Onur,

I would guess it depends on your setup and how much traffic you receive.
[1] gives as an example a value of 10 responses per second, which I would
say is a good place to start.  [5] gives a value of 5 responses per second
and I get the impression that that is the value used by the F root servers.
You can always implement RRL on one of your authoritative name servers with
a value of 10 and try lower values if all seems to be ok.

Both resources are from ISC so I would say they are good advice to start with.

PS: RRL is disabled by default so the default value is "0", meaning
"no limit" (see the ARM for version 9.16.8 on page 73).

[1]: https://kb.isc.org/docs/aa-00994
[2]: https://conference.apnic.net/data/37/apricot-2014-rrl_1393309768.pdf

Best regards,
Tom

On Fri, 27 Nov 2020 at 08:00, Onur GURSOY <onurgursoygyte at gmail.com> wrote:
>
> Hello Everyone,
>
> Bind9 is a good product and benchmark.
> It has good documentation especially about vulnerabilities.
> I wonder one thing, nowadays,
>
> For brute force, reflection, amplification, etc. attacks, there is a prevention which is named response rate limit (RRL).
> Question:
> What is the default value of rate-limit?
> What is the best practice, the best value for the rate-limit clause?
>
> Thanks in advance.
> Have a nice and healthy day,
> With best regards
>
> --
> Onur GÜRSOY
> R&D Engineer in Embedded Systems
> Master Student at Gebze Institute Of Technology
> Department Of Electronic Engineering
> GSM : 0(545) 764 7653
> e-mail: onurgursoygyte at gmail.com
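An added example, not part of the original thread or of ISC's material: one way to compare your own traffic with the 10 and 5 responses-per-second values mentioned above before enabling RRL. It counts queries per second per client block, name and type as a rough proxy for identical responses (it does not reproduce BIND's own accounting), assumes a query log in the style of the constructed sample lines and /24 (IPv4) and /56 (IPv6) client blocks, and all function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

def _line(sec, ip, qname, qtype):
    # Constructed sample line in the style of a BIND query log (not real traffic).
    return (f"29-Nov-2020 11:18:{sec:02d}.000 client @0x7f0000000000 {ip}#40000 "
            f"({qname}): query: {qname} IN {qtype} +E(0) (198.51.100.53)")

SAMPLE_LOG = "\n".join(
    [_line(38, f"192.0.2.{i}", "example.com", "ANY") for i in range(1, 13)]
    + [_line(38, "203.0.113.5", "www.example.com", "A") for _ in range(7)]
    + [_line(39, "203.0.113.5", "www.example.com", "A") for _ in range(3)]
    + [_line(38, "2001:db8::1", "example.com", "AAAA") for _ in range(2)]
)

# Timestamp to the second, client address, query name and query type.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \d\d:\d\d:\d\d)\.\d+ .*?client (?:@\S+ )?"
    r"(?P<ip>[0-9A-Fa-f:.]+)#\d+ .*?query: (?P<qname>\S+) \S+ (?P<qtype>\S+)"
)

def client_block(ip, v4_len=24, v6_len=56):
    """Map a client address to its network block (prefix lengths are assumptions)."""
    addr = ipaddress.ip_address(ip)
    plen = v4_len if addr.version == 4 else v6_len
    return str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))

def peak_rates(log_text):
    """Return {(block, qname, qtype): highest count seen in any single second}."""
    per_second = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that are not query-log entries are skipped
            key = (client_block(m["ip"]), m["qname"].lower(), m["qtype"])
            per_second[(m["ts"], key)] += 1
    peaks = {}
    for (_, key), n in per_second.items():
        peaks[key] = max(peaks.get(key, 0), n)
    return peaks

def over_limit(peaks, responses_per_second):
    """List the (block, qname, qtype) tuples whose peak exceeds a candidate limit."""
    return sorted(k for k, n in peaks.items() if n > responses_per_second)

if __name__ == "__main__":
    peaks = peak_rates(SAMPLE_LOG)
    for limit in (10, 5):
        print(limit, over_limit(peaks, limit))
```

Tuples that exceed a candidate value in normal traffic are the ones to look at before lowering the limit.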
