IN TXT & NULL trash records
paul at redbarn.org
Wed Nov 28 18:08:04 UTC 2018
Maciej Gawron via Unbound-users wrote:
> I think global IP-ratelimit will fit nicely.
i disagree, since the source ip addresses are nonrepudiable. a
non-protocol-aware rate limiter is an easy ddos vector since an attacker
can use up all available credits for some victim simply by forging that
victim's ip address on an otherwise normal looking flow.
transaction or session limits will be nec'y; packet limits are wrong
where udp is concerned.
More information about the Unbound-users