ISC is excited to announce the release of BIND 9.9.4, featuring Response Rate Limiting (RRL), security patches, and bug fixes for DNSSEC, RPZ and configuration modules. The latest dot release ensures the stability, robustness and security of your critical Internet infrastructure.
Response Rate Limiting (RRL)
A DNS DDoS attack works by forging queries so that they appear to come from the victim’s server, making the victim appear to be requesting a high volume of information. RRL enables server administrators to limit the rate at which their server will send replies to forged queries, thereby preventing it from contributing to the attack.
“Our users have been asking for RRL to be incorporated into BIND,” said Kannan Ayyar, President of Internet Systems Consortium, “and we recognize the important role it plays in DDoS mitigation. With DDoS attacks increasing in both number and severity, we felt it was important to integrate RRL into a supported release.”
“We have been testing RRL in limited release, and are now confident that it is ready for general use in BIND installations,” said Scott Mann, ISC’s VP of Engineering. “Third-party additions like RRL are possible because BIND is open source software. Now that it is fully implemented, we look forward to enhancing and building on RRL in future releases.”
For more information on RRL, visit the following links:
- DDoS Defense Module for BIND DNS – RRL (Webinar)
- A Quick Introduction to Response Rate Limiting
- Cache poisoning gets a second wind from RRL? Probably not.
Commercial support for BIND, along with additional RRL functionality (RRL Classifier), is available to The DNS Company subscription customers; visit The DNS Company’s BIND Solutions to learn more.
For questions, suggestions and discussions relevant to BIND, participate in our community mailing list, available at https://www.isc.org/community/mailing-list/.
BIND 9.9.4 is available for download at our Downloads page.