How to suppress ADDITIONAL SECTION per zone
Vernon Schryver
vjs at rhyolite.com
Fri Jul 5 14:26:02 UTC 2013
> From: John Wobus <jw354 at cornell.edu>
> > Other possibility is to implement packet rate limiting - a patch was
> > discussed here a few days/weeks ago.
>
> I endorse this suggestion: we were faced with such attacks and were
> naturally leery about issues we might run into running a patched bind
> and the additional tuning it could require. Our experience is: the RRL
> patch, used with its default parameters, simply does the job.
(thanks for the good new.)
See http://www.redbarn.org/dns/ratelimits
Vernon Schryver vjs at rhyolite.com
More information about the bind-users
mailing list