On Fri, Aug 23, 2013 at 06:53:29AM -0700, Bry8 Star wrote:
At my first few small-scale implementations, i did not pay attention to rate-limiting techniques, then i realized its importance over time.
RRL support for gdnsd is being tracked upstream at: https://github.com/blblack/gdnsd/issues/36 (filed by yours truly, 7 months ago; Brandon has left some really good and large responses there)
You're right that it's a prerequisite to DNSSEC support, due to the large DNSSEC responses -and more importantly, for tiny queries- being appealing to DNS amplification attackers.
Thanks, Faidon