[ratelimits] Poor CERT warning message
Geert Jan de Groot
GeertJan.deGroot at xs4all.nl
Tue Sep 10 21:10:34 UTC 2013
Please have a look at:
(which is in Dutch and which breaks google translate; cut/paste
the text itself does work however).
Note that this refers to a CERT message from a French CERT (again,
use 'translate if required).
I think these CERT warnings are poorly informed, incorrect,
and lack a fundamental understanding of how RRL works.
The mitigation proposed, instead of using RRL, is problematic:
"Managers of resolver DNS servers (!) could use monitoring to
detect unusual high amounts of DNS requests to detect an attack".
Unfortunately, CERT messages are sometimes seen as gospel
even when they are incorrect.
I'm not sure about what to do against spread of this misinformation.
More information about the ratelimits