On Fri, Aug 23, 2013 at 06:53:29AM -0700, Bry8 Star wrote:
At my first few small-scale implementations, i did not
pay attention
to rate-limiting techniques, then i realized its importance over time.
RRL support for gdnsd is being tracked upstream at:
https://github.com/blblack/gdnsd/issues/36
(filed by yours truly, 7 months ago; Brandon has left some really good
and large responses there)
You're right that it's a prerequisite to DNSSEC support, due to the
large DNSSEC responses -and more importantly, for tiny queries- being
appealing to DNS amplification attackers.
Thanks,
Faidon