> In article <mailman.424.1350461867.11945.bind-us...@lists.isc.org>, > pangj <pa...@riseup.net> wrote: > >> I have read the document of redbarn RRL for BIND and this NSD RRL: >> https://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/ >> >> I have a question that, since the DDoS to DNS are coming from spoofed >> IPs. But RRL is working based on source IP. So how can it stop the real >> life attack? > > You're thinking that the rate limit is intended to protect YOUR server. > It's actually to prevent your server from being used as a reflector to > attack some OTHER server. The spoofed addresses all point to that > server. > >
Sorry I just can't understand that why my server is being used to attack other's servers? _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
