New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)
Noel Butler
noel.butler at ausics.net
Thu Sep 19 23:20:29 UTC 2013
On Thu, 2013-09-19 at 16:04 -0700, Michael McNally wrote:
> New versions of BIND are now available from http://www.isc.org/downloads
>
New Features 9.9.4
Added Response Rate Limiting (RRL) functionality to reduce the
effectiveness of DNS as an amplifier for reflected denial-of-service
attacks by rate-limiting substantially-identical responses. [RT
#28130]
I have been using this since 9.9.4bx, and although documentation is/was
lacking at the time, so there might be a whitelisting somewhere , but in
its absence, I highly advise against using RRL if your mail servers use
those DNS servers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130920/1c50e177/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130920/1c50e177/attachment.bin>
More information about the bind-users
mailing list