nanog mailing list archives

Re: Open Resolver Problems

From: Jack Bates <jbates () brightok net>
Date: Wed, 27 Mar 2013 09:00:05 -0500

On 3/27/2013 8:47 AM, William Herrin wrote:

On Tue, Mar 26, 2013 at 10:07 PM, Tom Paseka <tom () cloudflare com> wrote:

Authoritative DNS servers need to implement rate limiting. (a client
shouldn't query you twice for the same thing within its TTL).

Right now that's a complaint for the mainstream software authors, not
for the system operators. When the version of Bind in Debian Stable
implements this feature, I'll surely turn it on.

Tracking the clients would be a huge dataset and be especiallycomplicated in clusters. They'd be better off at detecting actual attackvectors rather than rate limiting. However, there are enough nodes outthere to easily spread a trickle to avoid individual detections. Youdon't want to DOS your amplifier, after all. It also wouldn't be hard torotate through different requests to defeat the "rate limits".



Jack

Current thread:

Re: Open Resolver Problems, (continued)
- - - Re: Open Resolver Problems Jon Lewis (Mar 26)
    - Re: Open Resolver Problems Paul Ferguson (Mar 26)
    - Re: Open Resolver Problems Alain Hebert (Mar 27)
    - Re: Open Resolver Problems Jared Mauch (Mar 26)
    - Re: Open Resolver Problems Mark Andrews (Mar 26)
    - Re: Open Resolver Problems Paul Ferguson (Mar 26)
    - Re: Open Resolver Problems Mark Andrews (Mar 26)
    - Re: Open Resolver Problems William Herrin (Mar 27)
    - Re: Open Resolver Problems Joe Abley (Mar 27)
    - Re: Open Resolver Problems Tony Finch (Mar 27)
    - Re: Open Resolver Problems Jack Bates (Mar 27)
    - Re: Open Resolver Problems William Herrin (Mar 27)
    - Re: Open Resolver Problems Jack Bates (Mar 27)
    - Re: Open Resolver Problems Mark Andrews (Mar 27)
    - Re: Open Resolver Problems Tony Finch (Mar 27)
    - Re: Open Resolver Problems Jack Bates (Mar 27)
    - Re: Open Resolver Problems Tony Finch (Mar 27)
    - Re: Open Resolver Problems Joe Abley (Mar 27)
    - Re: Open Resolver Problems Valdis . Kletnieks (Mar 27)
    - Re: Open Resolver Problems Tony Finch (Mar 27)
    - Re: Open Resolver Problems Owen DeLong (Mar 27)

(Thread continues...)