[ratelimits] defaults for DNS-RRL
paul at redbarn.org
Thu Mar 7 12:16:07 UTC 2013
Daniel Stirnimann wrote:
> Hi Tony
> Thanks for your corrections of the defaults. Seems I took up the value 5
> from somewhere else.
>>> // set to max. of query load the server can handle x WINDOW
>>> max-table-size 1000000;
>> The documentation suggests that the table size should be about
>> the query rate per second, not per window.
> You are right, the documentation suggests to set it only to about the
> query rate per second. I got the other definition from the paper
> "Defending against DNS reflection amplification attacks",
I suggest reading the materials at
http://www.redbarn.org/dns/ratelimits, both the tech note and ARM
version, to learn the details of how RRL is supposed to work, and how it
is implemented in BIND9 and other servers.