[nsd-users] concepts against amplification using dnssec

[Andreas Schulze]

Hello,

Lutz Donnerhacke implemented DNS-Dampening.
http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening

The implementation is available as patch for BIND9 only.
He told me that there is an other method preferred by the nsd developer.
It's called "Response Rate Limiting".

May one describe the idea behind rate limiting and compare it with Lutz' solution?

Thanks.

-- 
Andreas Schulze
Internetdienste | P252

DATEV eG
90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70
Vorstand
Prof. Dieter Kempf (Vorsitzender)
Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender)
Dipl.-Kfm. Michael Leistenschneider
Dipl.-Kfm. Dr. Robert Mayr
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Vorsitzender des Aufsichtsrates: Reinhard Verholen