[c-nsp] rate limit dns

Jared Mauch jared at puck.nether.net
Wed Jan 1 08:59:44 EST 2014


On Jan 1, 2014, at 7:21 AM, Gert Doering <gert at greenie.muc.de> wrote:

> Attackers have long started to use authoritatives as well.  Which is why
> Paul Vixie's RRL or Lutz Donnerhacke's dampening patches for BIND exist.

You don’t need a patch anymore, it’s part of BIND 9.9.4 and later.

Going to say this as well:

Check your IP space for Open Resolvers here:

http://openresolverproject.org/

It’s been almost a year since this project launched and the trends are not encouraging.  Most of the devices are CPE which are somewhat lower risk, but any actual DNS server needs to be addressed.

- Jared
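An added example, not part of Jared's message or anything else in this thread: a `named.conf` fragment for an authoritative BIND 9.9.4+ server that turns on the built-in RRL mentioned above and refuses recursion for anyone outside the listed networks, so the host neither amplifies reflection traffic nor shows up as an open resolver. The ACL prefixes, paths and zone name are placeholders.

```conf
// Added example, not from the cisco-nsp thread. Prefixes, paths and the
// zone name are placeholders; adjust them to your own deployment.
acl "trusted" { 127.0.0.0/8; ::1/128; 192.0.2.0/24; };

options {
    directory "/var/cache/bind";

    // Authoritative-only: do not recurse for the public Internet.
    recursion no;
    allow-recursion   { "trusted"; };
    allow-query-cache { "trusted"; };

    // Response Rate Limiting, built into BIND 9.9.4 and later.
    rate-limit {
        responses-per-second 10;   // identical answers per client block per second
        nxdomains-per-second 5;
        errors-per-second 5;
        ipv4-prefix-length 24;     // clients are bucketed by /24 (IPv4) ...
        ipv6-prefix-length 56;     // ... and /56 (IPv6)
        window 5;                  // seconds of credit a client may bank
        slip 2;                    // every 2nd dropped reply is sent truncated (TC=1)
                                   // so real resolvers retry over TCP
        exempt-clients { "trusted"; };
        log-only no;               // "yes" logs what would be dropped, drops nothing
    };
};

// Log rate-limit events so you can tune the thresholds before/after enforcing.
logging {
    channel rrl_log {
        file "/var/log/named/rrl.log" versions 3 size 10m;
        severity info;
        print-time yes;
    };
    category rate-limit { rrl_log; };
};

zone "example.net" {
    type master;
    file "/etc/bind/db.example.net";
};
```

Run with `log-only yes` first and watch the rate-limit log for a day; legitimate traffic hitting the limits means the thresholds are too low for your zones.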

