Op 27-03-13 16:54, Owen DeLong schreef: > It's been available in linux for a long time, just not in BIND…
Not entirely true: http://www.redbarn.org/dns/ratelimits > > Here is a working ip6tales example: > Tricky... There is also the 'hashlimit' module (at least for v4, not sure about v6), that may be a better approach, because it works on a 'per ip address'-basis. See https://lists.isc.org/pipermail/bind-users/2012-July/088223.html for some inspiration of how it may be of value. -- Marco On Mar 27, 2013, at 6:47 AM, William Herrin <b...@herrin.us> wrote: >> On Tue, Mar 26, 2013 at 10:07 PM, Tom Paseka <t...@cloudflare.com> wrote: >>> Authoritative DNS servers need to implement rate limiting. (a client >>> shouldn't query you twice for the same thing within its TTL). >> Right now that's a complaint for the mainstream software authors, not >> for the system operators. When the version of Bind in Debian Stable >> implements this feature, I'll surely turn it on. >> >> Regards, >> Bill Herrin >> >> >> -- >> William D. Herrin ................ her...@dirtside.com b...@herrin.us >> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> >> Falls Church, VA 22042-3004 > -- Marco Davids
smime.p7s
Description: S/MIME-cryptografische ondertekening