IN TXT & NULL trash records

Paul Vixie paul at
Wed Nov 28 18:08:04 UTC 2018

Maciej Gawron via Unbound-users wrote:
> Hi,
> I think global IP-ratelimit will fit nicely.

i disagree, since the source ip addresses are nonrepudiable. a 
non-protocol-aware rate limiter is an easy ddos vector since an attacker 
can use up all available credits for some victim simply by forging that 
victim's ip address on an otherwise normal looking flow.



transaction or session limits will be nec'y; packet limits are wrong 
where udp is concerned.

P Vixie

More information about the Unbound-users mailing list