From: Mark Wooding <mdw@distorted.org.uk>
Date: Fri, 8 Jun 2012 00:51:05 +0000 (+0100)
Subject: Rate limiting for incoming DNS queries over UDP.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/7dde20fa84bad82640c029a7c41e213a576d777a?hp=7dde20fa84bad82640c029a7c41e213a576d777a

Rate limiting for incoming DNS queries over UDP.

We provide DNSsec-signed responses, and could be used as a DDoS
amplifier.  Apply rate-limiting to incoming traffic to mitigate this
effect.

This should be removed if and when BIND acquires its own more
intelligent rate-limiting.
---