nanog mailing list archives
Re: Open Resolver Problems
From: Tony Finch <dot () dotat at>
Date: Wed, 27 Mar 2013 21:33:58 +0000
Joe Abley <jabley () hopcount ca> wrote:
My assessment is that the implementations I have seen are ready for production use, but I think it's understandable given the moving goalpoasts that some vendors have not yet promoted the code to be included in stable releases.
It is in the current stable release of NSD 3.2.15 though it is a build-time option. It is in the current release candidate of knot DNS 1.2.0-rc4. It will be in BIND-9.10 which has not yet reached public beta. Our servers have been abused as reflectors, and we're using the BIND RRL patch with versions 9.8 and 9.9 to stop the attack traffic. There are other interim options such as using firewall rate limiting which is worse than RRL because it is much more likely to hurt legitimate queries. For example, http://www.bortzmeyer.org/rate-limiting-dns-open-resolver.html Or you can use a configuration add-on such as bindguard. http://bindguard.activezone.de Tony. -- f.anthony.n.finch <dot () dotat at> http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first.
Current thread:
- Re: Open Resolver Problems, (continued)
- Re: Open Resolver Problems Matthew Petach (Mar 26)
- Re: Open Resolver Problems Jon Lewis (Mar 26)
- Re: Open Resolver Problems Paul Ferguson (Mar 26)
- Re: Open Resolver Problems Alain Hebert (Mar 27)
- Re: Open Resolver Problems Jared Mauch (Mar 26)
- Re: Open Resolver Problems Mark Andrews (Mar 26)
- Re: Open Resolver Problems Paul Ferguson (Mar 26)
- Re: Open Resolver Problems Mark Andrews (Mar 26)
- Re: Open Resolver Problems William Herrin (Mar 27)
- Re: Open Resolver Problems Joe Abley (Mar 27)
- Re: Open Resolver Problems Tony Finch (Mar 27)
- Re: Open Resolver Problems Jack Bates (Mar 27)
- Re: Open Resolver Problems William Herrin (Mar 27)
- Re: Open Resolver Problems Jack Bates (Mar 27)
- Re: Open Resolver Problems Mark Andrews (Mar 27)
- Re: Open Resolver Problems Tony Finch (Mar 27)
- Re: Open Resolver Problems Jack Bates (Mar 27)
- Re: Open Resolver Problems Tony Finch (Mar 27)
- Re: Open Resolver Problems Joe Abley (Mar 27)
- Re: Open Resolver Problems Valdis . Kletnieks (Mar 27)
- Re: Open Resolver Problems Tony Finch (Mar 27)