[ratelimits] Referrals incorrectly limited.

john jbond at ripe.net
Wed Jan 9 21:33:32 UTC 2013

On 1/9/13 8:10 PM, Vernon Schryver wrote:
>> From: john <jbond at ripe.net>
>>> Do you disagree with my claim that in almost all legitimate cases not
>>> in the middle of an attack, RRL does not *block* DNS traffic but only
>>> slows it down by forcing legitimate DNS clients to retry or switch to TCP?
>> No, I agree; admittedly I do keep forgetting that fact. However, the first
>> concern I have is that if we force a lot of this traffic over to TCP we
>> could start to exhaust TCP resources.
> Do you see no contradictions in not defending against real attacks
> because you don't currently see them and not defending against
> attacks you do see because of unseen, potential resource exhaustion
> that you could deal with if it did happen?
No, one is a technical consideration; the other is not.

