DGA Attack mitigation
Paul Vixie
paul at redbarn.org
Mon Apr 9 21:26:12 UTC 2018
Rainer Duffner wrote:
>
>
>> On 09.04.2018 at 21:15, Paul Vixie <paul at redbarn.org
>> <mailto:paul at redbarn.org>> wrote:
>>
>> the source addresses are forged. the victims are not unclean in any
>> way. this is why rrl exists.
...
> Most people using our resolvers use our CPE, our lines, our servers….
> And the rest doesn’t even have access.
>
> Obviously, Mahdi is running a shop that is a bit larger than ours.

if they are real clients beating you to death with junk queries that all
return nxdomain, you can still win with rrl. less frequent nxdomain
responses will cause the apps to get less work done because they are
waiting on you. thus it will slow the rate of junk queries.

this is exactly the problem that makes me recommend running a local rdns
on every LAN, or at least every house/building/campus, and in my case,
on every laptop. i need fast negative responses and i don't want to pay
in upstream bandwidth, or work flow delay, to get them.
--
P Vixie
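
The closed-loop effect described in the message above, as an added example that is not part of the original post or of any resolver's code: clients that wait for each answer send far fewer junk queries once NXDOMAIN responses are rate limited. The fixed one-second budget, the shared budget for all workers (as if they sit behind one client prefix), the 1 ms round trip and the 2 s client timeout are all assumptions of this model, which is a simplification and not BIND's or Unbound's actual rate-limiting algorithm.

```python
import heapq


def simulate(duration_ms, nx_per_second=None, workers=1, rtt_ms=1, timeout_ms=2000):
    """Return (sent, answered, dropped) for closed-loop junk-query clients.

    Each worker sends one query for a nonexistent name, then blocks until it
    gets the NXDOMAIN answer (rtt_ms) or gives up (timeout_ms) before sending
    the next one. nx_per_second=None means responses are never rate limited.
    """
    # (time at which the worker may send its next query, worker id)
    ready = [(0, w) for w in range(workers)]
    heapq.heapify(ready)
    window, used = 0, 0          # current one-second window, answers sent in it
    sent = answered = dropped = 0

    while ready[0][0] < duration_ms:
        now, w = heapq.heappop(ready)
        sent += 1
        if now // 1000 != window:            # new second: reset the budget
            window, used = now // 1000, 0
        if nx_per_second is None or used < nx_per_second:
            used += 1
            answered += 1
            heapq.heappush(ready, (now + rtt_ms, w))       # fast negative answer
        else:
            dropped += 1
            heapq.heappush(ready, (now + timeout_ms, w))   # client stalls on us
    return sent, answered, dropped


if __name__ == "__main__":
    # Constructed scenarios: 10 seconds of simulated time.
    for label, kwargs in [
        ("no limit, 1 worker", {}),
        ("5 nxdomain/s, 1 worker", {"nx_per_second": 5}),
        ("5 nxdomain/s, 4 workers", {"nx_per_second": 5, "workers": 4}),
    ]:
        sent, answered, dropped = simulate(10_000, **kwargs)
        print(f"{label:26s} sent={sent:6d} answered={answered:6d} dropped={dropped}")
```
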