Re: RRL settings that work for you

Wed, 27 May 2015 08:16:41 -0700 

On 26/05/15 22:00, Mike Hoskins (michoski) wrote:


However, as we've mostly just been turning knobs in an attempt to minimize
log entries...  insight from operators is appreciated.


We run with:

  rate-limit { responses-per-second 20; };


3x internet-facing resolvers answering about 5-25k qps across a couple 
of hundred zones. Seems to work fine. Had no complaints, very effective 
at stopping reflection attacks based on what we observe.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to