[c-nsp] rate limit dns
Dobbins, Roland
rdobbins at arbor.net
Thu Jan 2 08:52:40 EST 2014
On Jan 2, 2014, at 8:09 PM, Gert Doering <gert at greenie.muc.de> wrote:
> I would strongly recommend *against* doing stateful anything in front of a DNS server. It won't serve a useful function (as unbound etc. are
> quite good in recognizing "real" responses vs. "fake"), but serves as an additional chokepoint which might run into overload far before your
> servers die.
Concur 100%:
<https://app.box.com/s/a3oqqlgwe15j8svojvzl>
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 243 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20140102/25a5833c/attachment-0001.sig>
More information about the cisco-nsp
mailing list