On 27 Nov 2020, at 00:00, Onur GURSOY <[hidden email]> wrote:
> <div class="gmail_default" style= "font-family:comic sans ms,sans-serif">Hello Everyone,</div>
Oh, come on!
"Are you pondering what I'm pondering?"
"Wuh, I think so, Brain, but if we didn't have ears, we'd look like
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
I would guess it depends on your setup and how many traffic you
receive.  gives
as an example a value of 10 responses per second, which I would say is
a good place
to start.  gives a value of 5 responses per second and I get the
that is the value used by the F root servers. You can always
implement RRL on one
of your authoritative name servers with a value of 10 and try lower
values if all
seems to be ok.
Both resources are from ISC so I would say they are good advice to start with.
PS: RRL is disabled by default so the default value is "0", meaning
"no limit" (see
the ARM for version 9.16.8 on page 73).
> Hello Everyone,
> Bind9 is a good product and benchmark.
> It has good documentation especially about vulnerabilities.
> I wonder one thing, nowadays,
> For brute force, reflection, ampliciation and etc. attacks, there is prevention which is name response rate limit (RRL).
> What is the default value rate-limit ?
> What is the best practise, best value for rate-limit clause .
> Thanks in advance.
> Have nice day and healthy day,
> With best regards
> Onur GÜRSOY
> R&D Engineer in Embedded Systems
> Master Student at Gebze Institute Of Technology
> Department Of Electronic Engineering
> GSM : 0(545) 764 7653
> e-mail: [hidden email] > _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> bind-users mailing list
> [hidden email] > https://lists.isc.org/mailman/listinfo/bind-users