[161821] in North American Network Operators' Group
Re: Open Resolver Problems
daemon@ATHENA.MIT.EDU (William Herrin)
Wed Mar 27 10:35:02 2013
In-Reply-To: <5152FB65.9060309@brightok.net>
From: William Herrin <bill@herrin.us>
Date: Wed, 27 Mar 2013 10:34:31 -0400
To: Jack Bates <jbates@brightok.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Mar 27, 2013 at 10:00 AM, Jack Bates <jbates@brightok.net> wrote:
> On 3/27/2013 8:47 AM, William Herrin wrote:
>> Right now that's a complaint for the mainstream software authors, not
>> for the system operators. When the version of Bind in Debian Stable
>> implements this feature, I'll surely turn it on.
>
> Tracking the clients would be a huge dataset and be especially complicated
> in clusters. They'd be better off at detecting actual attack vectors rather
> than rate limiting.
I count this among the several reasons I intend to wait until a
solution has been accepted into the bind mainline.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
