Mon Feb 11 20:22:40 UTC 2013

I've been lurking here and on the rpz list with interest and believe
I've garnered a fairly good understanding. Thanks to all for the quality
of debate, including some classic quotes to add to the collection.
However, there are just a couple of sentences in the docs that I need
clarification on, if you'd be so obliging:

"Attacks that justify ignoring the contents of DNS responses are likely
to be attacks on the DNS server itself. They usually should be discarded
before the DNS server spends resources making TCP connections or parsing
DNS requests, but that rate limiting must be done before the DNS server
sees the requests."

What precisely does this mean in the context of response rate limiting?


Ian Maddison
(aka nudge)
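The distinction the quoted sentences draw is between limiting *requests* before the server parses them (something only a packet filter in front of the server can do, since it sees nothing but source address and packet rate) and limiting *responses* once the server has parsed the query and knows what answer it would send. The simulation below is an added illustration of that difference; it is not code from the original post, from the RRL documentation, or from any name server. The traffic, the zone data, and the limiter parameters are constructed, and the response limiter is a deliberately simplified RRL-style model (keyed on client /24 plus name, type and rcode, fixed one-second windows, drop rather than slip/truncate).

```python
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Query:
    src_ip: str
    qname: str
    qtype: str
    t: float          # arrival time in seconds (constructed)


class RequestLimiter:
    """Request-side limiter. Only the source address and arrival time are
    available: this is all a packet filter in front of the server can check
    before the server parses the query or opens a TCP connection."""

    def __init__(self, per_second):
        self.per_second = per_second
        self.counts = defaultdict(int)

    def allow(self, src_ip, t):
        key = (src_ip, int(t))
        self.counts[key] += 1
        return self.counts[key] <= self.per_second


class ResponseLimiter:
    """Response-side limiter (simplified RRL-style model, an assumption of
    this example). It runs only after the query has been parsed and the
    answer looked up, and keys on the client /24 plus the identity of the
    response (name, type, rcode), so repeated identical answers are limited."""

    def __init__(self, per_second):
        self.per_second = per_second
        self.counts = defaultdict(int)

    def allow(self, src_ip, qname, qtype, rcode, t):
        net = ipaddress.ip_network(f"{src_ip}/24", strict=False)
        key = (str(net), qname.lower(), qtype, rcode, int(t))
        self.counts[key] += 1
        return self.counts[key] <= self.per_second


def resolve(qname, qtype):
    """Toy authoritative lookup over constructed zone data (not real records)."""
    zone = {("example.test.", "A"): "NOERROR", ("example.test.", "ANY"): "NOERROR"}
    return zone.get((qname.lower(), qtype), "NXDOMAIN")


def simulate(queries, req_limit, resp_limit):
    """Run queries through the request limiter, then parse/resolve, then the
    response limiter; return how many were dropped at each stage."""
    req = RequestLimiter(req_limit)
    resp = ResponseLimiter(resp_limit)
    stats = {"received": 0, "dropped_before_parse": 0, "parsed": 0,
             "dropped_after_parse": 0, "answered": 0}
    for q in queries:
        stats["received"] += 1
        if not req.allow(q.src_ip, q.t):
            stats["dropped_before_parse"] += 1   # server never spent parsing effort
            continue
        stats["parsed"] += 1                     # parsing and lookup cost is paid here
        rcode = resolve(q.qname, q.qtype)
        if not resp.allow(q.src_ip, q.qname, q.qtype, rcode, q.t):
            stats["dropped_after_parse"] += 1    # RRL-style drop of a repeated answer
            continue
        stats["answered"] += 1
    return stats


def constructed_traffic():
    """Constructed sample: 50 identical ANY queries per second for two seconds
    from one source (203.0.113.7), plus one ordinary A query per second from
    distinct hosts in 198.51.100.0/24 over ten seconds."""
    flood = [Query("203.0.113.7", "example.test.", "ANY", i / 50) for i in range(100)]
    normal = [Query(f"198.51.100.{i}", "example.test.", "A", float(i)) for i in range(10)]
    return sorted(flood + normal, key=lambda q: q.t)


if __name__ == "__main__":
    print("request limit 20/s + response limit 5/s:",
          simulate(constructed_traffic(), 20, 5))
    print("response limit 5/s only:",
          simulate(constructed_traffic(), 10**9, 5))
```

Run with both limiters, the flood source gets only 20 packets per second past the packet filter and the server parses 40 of its 100 queries; the response limiter then trims the repeated identical answer to 5 per second, so 20 legitimate-looking answers leave the server in total. With the request limiter effectively disabled, the same 20 answers leave the server, but it has parsed and resolved all 110 queries first. That is the point of the quoted passage: response rate limiting decides what to answer, but cannot save the server the work of reading an abusive query; only limiting in front of the server can.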

