BIND 10 #2840: implement a mitigation function against DNS amplification attacks
BIND 10 Development
do-not-reply at isc.org
Mon Mar 4 14:25:15 UTC 2013
#2840: implement a mitigation function against DNS amplification attacks
-------------------------------------+-------------------------------------
 Reporter:  cas                      |  Type:  enhancement
 Status:  new                        |  Priority:  medium
 Milestone:  New Tasks               |  Component:  b10-auth
 Keywords:                           |  CVSS Scoring:
 Sensitive:  0                       |  Defect Severity:  N/A
 Sub-Project:  DNS                   |  Feature Depending on Ticket:
 Estimated Difficulty:  0            |  Add Hours to Ticket:  0
 Total Hours:  0                     |  Internal?:  0
-------------------------------------+-------------------------------------
DNS amplification attacks are a real pain for DNS server operators. The
number of these attacks has increased in the last months.

BIND 9, NSD and Knot DNS are now implementing DNS response rate limiting.

(I know some) DNS operators would consider deploying BIND 10 on
production systems, but are held back by the lack of a mitigation function
against DNS amplification attacks.

BIND 9 Response Rate Limiting Patch by Paul Vixie and Vernon Schryver:
http://www.redbarn.org/dns/ratelimits
NLnetLabs and Univ of Amsterdam:
"Defending against DNS reflection amplification attacks"
http://www.nlnetlabs.nl/downloads/publications/report-rrl-dekoning-rozekrans.pdf
Lutz Donnerhacke - DNS dampening:
http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening
--
Ticket URL: <http://bind10.isc.org/ticket/2840>
BIND 10 Development <http://bind10.isc.org>