[Unbound-users] Unbound as public DNSSEC resolver
lst_hoe02 at kwsoft.de
lst_hoe02 at kwsoft.de
Wed Oct 13 16:24:05 UTC 2010
Zitat von lst_hoe02 at kwsoft.de:
> Zitat von lst_hoe02 at kwsoft.de:
>
>> Ups, sorry. I forgot to disable S/MIME for the list-mail.
>>
>> But the question remains:
>>
>> What is "best practice" to limit the resources used and to be a
>> good citizen when using unbound as public DNSSEC aware resolver, or
>> is it no recommended at all?
>>
>
> Still no answer for this one so i guess it is not recommended at all...
>
Okay, so it boils down to the danger of being used as amplification in
a DoS with spoofed UDP source IP addresses. I will see what can be
done with ipt_recent and low resource settings to avoid DoS
amplification as much as possible.
Thanks
Andreas
More information about the Unbound-users
mailing list