On 26/05/15 22:00, Mike Hoskins (michoski) wrote:
However, as we've mostly just been turning knobs in an attempt to minimize
log entries... insight from operators is appreciated.
We run with:
rate-limit { responses-per-second 20; };
3x internet-facing resolvers answering about 5-25k qps across a couple
of hundred zones. Seems to work fine. Had no complaints, very effective
at stopping reflection attacks based on what we observe.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users