[161848] in North American Network Operators' Group
Re: Open Resolver Problems
daemon@ATHENA.MIT.EDU (Marco Davids)
Wed Mar 27 14:47:37 2013
Date: Wed, 27 Mar 2013 19:44:47 +0100
From: Marco Davids <mdavids@forfun.net>
To: nanog@nanog.org
In-Reply-To: <A51601D2-6AFC-43B2-8516-7BC74A779578@delong.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Dit is een cryptografisch ondertekend bericht in MIME-formaat.
--------------ms030105000403010705040409
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Op 27-03-13 16:54, Owen DeLong schreef:
> It's been available in linux for a long time, just not in BIND=85
Not entirely true:
http://www.redbarn.org/dns/ratelimits
>
> Here is a working ip6tales example:
>
Tricky...
There is also the 'hashlimit' module (at least for v4, not sure about
v6), that may be a better approach, because it works on a 'per ip
address'-basis.
See https://lists.isc.org/pipermail/bind-users/2012-July/088223.html for
some inspiration of how it may be of value.
--
Marco
On Mar 27, 2013, at 6:47 AM, William Herrin <bill@herrin.us> wrote:
>> On Tue, Mar 26, 2013 at 10:07 PM, Tom Paseka <tom@cloudflare.com> wrot=
e:
>>> Authoritative DNS servers need to implement rate limiting. (a client
>>> shouldn't query you twice for the same thing within its TTL).
>> Right now that's a complaint for the mainstream software authors, not
>> for the system operators. When the version of Bind in Debian Stable
>> implements this feature, I'll surely turn it on.
>>
>> Regards,
>> Bill Herrin
>>
>>
>> --=20
>> William D. Herrin ................ herrin@dirtside.com bill@herrin.us=
>> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
>> Falls Church, VA 22042-3004
>
--=20
Marco Davids
--------------ms030105000403010705040409
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME-cryptografische ondertekening
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIINNTCC
BjQwggQcoAMCAQICAR4wDQYJKoZIhvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoT
DVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNp
Z25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3
MTAyNDIxMDE1NVoXDTE3MTAyNDIxMDE1NVowgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1T
dGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWdu
aW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENs
aWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcJg8zOLdgasSmkLhOr
lr6KMoOMpohBllVHrdRvEg/q6r8jR+EK75xCGhR8ToREoqe7zM9/UnC6TS2y9UKTpT1v7RSM
zR0t6ndl0TWBuUr/UXBhPk+Kmy7bI4yW4urC+y7P3/1/X7U8ocb8VpH/Clt+4iq7nirMcNh6
qJR+xjOhV+VHzQMALuGYn5KZmc1NbJQYclsGkDxDz2UbFqE2+6vIZoL+jb9x4Pa5gNf1TwSD
kOkikZB1xtB4ZqtXThaABSONdfmv/Z1pua3FYxnCFmdr/+N2JLKutIxMYqQOJebr/f/h5t95
m4JgrM3Y/w7YX9d7YAL9jvN4SydHsU6n65cCAwEAAaOCAa0wggGpMA8GA1UdEwEB/wQFMAMB
Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRTcu2SnODaywFcfH6WNU7y1LhRgjAfBgNV
HSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jBmBggrBgEFBQcBAQRaMFgwJwYIKwYBBQUH
MAGGG2h0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9jYTAtBggrBgEFBQcwAoYhaHR0cDovL3d3
dy5zdGFydHNzbC5jb20vc2ZzY2EuY3J0MFsGA1UdHwRUMFIwJ6AloCOGIWh0dHA6Ly93d3cu
c3RhcnRzc2wuY29tL3Nmc2NhLmNybDAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20v
c2ZzY2EuY3JsMIGABgNVHSAEeTB3MHUGCysGAQQBgbU3AQIBMGYwLgYIKwYBBQUHAgEWImh0
dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwDQYJKoZIhvcNAQEFBQADggIBAAqD
CH14qywGXLhjjF6uHLkjd02hcdh9hrw+VUsv+q1eeQWB21jWj3kJ96AUlPCoEGZ/ynJNScWy
6QMVQjbbMXltUfO4n4bGGdKo3awPWp61tjAFgraLJgDk+DsSvUD6EowjMTNx25GQgyYJ5RPI
zKKR9tQW8gGK+2+RHxkUCTbYFnL6kl8Ch507rUdPPipJ9CgJFws3kDS3gOS5WFMxcjO5DwKf
KSETEPrHh7p5shuuNktvsv6hxHTLhiMKX893gxdT3XLS9OKmCv87vkINQcNEcIIoFWbP9HOR
z9v3vQwR4e3ksLc2JZOAFK+ssS5XMEoznzpihEP0PLc4dCBYjbvSD7kxgDwZ+Aj8Q9PkbvE9
sIPP7ON0fz095HdThKjiVJe6vofq+n6b1NBc8XdrQvBmunwxD5nvtTW4vtN6VY7mUCmxsCie
uoBJ9OlqmsVWQvifIYf40dJPZkk9YgGTzWLpXDSfLSplbY2LL9C9U0ptvjcDjefLTvqSFc7t
w1sEhF0n/qpA2r0GpvkLRDmcSwVyPvmjFBGqUp/pNy8ZuPGQmHwFi2/14+xeSUDG2bwnsYJQ
G2EdJCB6luQ57GEnTA/yKZSTKI8dDQa8Sd3zfXb19mOgSF0bBdXbuKhEpuP9wirslFe6fQ1t
5j5R0xi72MZ8ikMu1RQZKCyDbMwazlHiMIIG+TCCBeGgAwIBAgIDBF+FMA0GCSqGSIb3DQEB
CwUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20g
Q2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwHhcNMTIwNjEzMDI1MzA4
WhcNMTMwNjE0MDcxNzEzWjBAMRswGQYDVQQDDBJtZGF2aWRzQGZvcmZ1bi5uZXQxITAfBgkq
hkiG9w0BCQEWEm1kYXZpZHNAZm9yZnVuLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALB1nukEwsGSGxhXwKQIdr8zo16V1fopU0sAz7kywbMaoZbNml4Bj9HLdi3D9cBR
AabNhwMdiUiVrX0mOK0pO1JFHjeJZb0mWSlImMx1NNBHeSIfB2JicwQ9CJnMqGv44E0wzcW5
gj9ttcXf6z3ODXXKF4/QMWOI1Fson6D62GXx/ox9choiXZeJjlB5qjB9YCYWcEOl+l7KjnHP
r84uJgpUweIK6d6dDUGyjwHkisFWgt+YaqAzEwGrGQXKBYBilBsoOXwL/eTN8pn0Zx1KL6oS
gFUjXKDcLK1WT/DFqqPSp56w94dwjMDH5NK/3xYWH223yANYqU0ouduCzqxvDmkCAwEAAaOC
A60wggOpMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr
BgEFBQcDBDAdBgNVHQ4EFgQUd6Ftd0An3x9H3Gt9SFx8k2LbZPAwHwYDVR0jBBgwFoAUU3Lt
kpzg2ssBXHx+ljVO8tS4UYIwHQYDVR0RBBYwFIESbWRhdmlkc0Bmb3JmdW4ubmV0MIICIQYD
VR0gBIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEWImh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3Rh
cnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29t
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBp
c3N1ZWQgYWNjb3JkaW5nIHRvIHRoZSBDbGFzcyAxIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRz
IG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRl
bmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdh
dGlvbnMuMIGcBggrBgEFBQcCAjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eTADAgECGmRMaWFiaWxpdHkgYW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0ZWQhIFNlZSBz
ZWN0aW9uICJMZWdhbCBhbmQgTGltaXRhdGlvbnMiIG9mIHRoZSBTdGFydENvbSBDQSBwb2xp
Y3kuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUxLWNy
bC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYBBQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0
c3NsLmNvbS9zdWIvY2xhc3MxL2NsaWVudC9jYTBCBggrBgEFBQcwAoY2aHR0cDovL2FpYS5z
dGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMS5jbGllbnQuY2EuY3J0MCMGA1UdEgQcMBqG
GGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQsFAAOCAQEACwajs94UDysw
TKsikKC+30u5PSUc2fr6ZJbfE+3HTjNksjvrrVfA570zrBWTEuNPXHYKHciAJTaZa51PBngY
LIe6+XZqqtxzXvkPNqjPde9nmDC89oZ291WWtdk1RiI74jwVRtpQ4HuiLL0hFqw+uTQ6KcSa
KEjUFmugbu9/bpf5YWcxXXrUsIi4PB9wsHX9Pt5krTbl97gnlHVobdXruAR9R41hm4Oq5DvC
jBhkwt0ZgHSWCEXgbLRuCKS88UhpJYswbt/rcgRCJJ7zy5+1XIH3E/RcxfzQ5rrQSIRuheGz
qBuVDyqHyl1MuMGFVbpIBBU9SZg8y2jmRsuYJLrfeTGCA90wggPZAgEBMIGUMIGMMQswCQYD
VQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmlt
YXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAwRfhTAJBgUrDgMCGgUAoIICHTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xMzAzMjcxODQ0NDdaMCMGCSqG
SIb3DQEJBDEWBBRSQyUZTUqduo+fm90VkErd+RZi8TBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCG
SAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqG
SIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGlBgkrBgEEAYI3EAQxgZcwgZQw
gYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1
cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFz
cyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQIDBF+FMIGnBgsqhkiG9w0BCRAC
CzGBl6CBlDCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNV
BAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0
Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBAgMEX4UwDQYJKoZI
hvcNAQEBBQAEggEAma1CGfD1Oga4UGZYK6W/Zowi2eWJUoiNTAui06ShyHE9NK7TskjrbWE5
XcakyvUAiGiQGbTNYZ63eS9IDzNeAnhNcpcZD5eXXUJGpOzExX165DmY8+3MAB2wvzRydSt7
bjvgst/bAjHAiGKQz4JDtSOD7um7O2HmMYFC2L5TiYVhV6vJJ0GW35gIDOx0Is294HSLvZG3
CEOCfgF34BqDu0U4AVWoHsXrqf++OyuGZJ430q57orqc/7Ew0Kl3uqkjoHzPBMzR886nx5XN
uAlZ/Xdlik/nzRxPoHrfkUC/uXWl2K8cMSte8M9Ye3ttGhqDjzFP1jHu3BElQitNOknPwQAA
AAAAAA==
--------------ms030105000403010705040409--
