DNS Response Rate Limiting
Eddy Winstead, ISC
Eddy has over 20 years of DNS, DHCP and sysadmin experience. He was a systems analyst and hostmaster for the North Carolina Research and Education Network (NCREN) for over a decade. At ISC, Eddy has delivered DNS + DNSSEC consulting, configuration audits and technical training.
author = {Eddy Winstead},
title = {{DNS} Response Rate Limiting},
year = {2014},
address = {Seattle, WA},
publisher = {USENIX Association},
month = nov
}
Response Rate Limiting (RRL) has proven to be an effective tool in the mitigation of DNS amplification attacks. This presentation will discuss the originating events leading to the development of RRL as well as ISC's production experience with deployment. The tutorial will include BIND configuration snapshots and discuss considerations for a successful RRL deployment, regardless of the nameserver software used.
DNS administrators and security analysts as well as management/executives will benefit from this tutorial.
Attendees will gain knowledge of how DNS Response Rate Limiting works to mitigate DNS DDoS attacks while avoiding major impact on legitimate users. Attendees who use BIND will leave with example configurations. All will return to work with the knowledge to make intelligent RRL configuration decisions.
- The basics of a DNS DDoS attack
- What factors led to the creation of DNS Response Rate Limiting
- How RRL mitigates DNS DDoS attacks
- Enabling RRL in BIND
- RRL Configuration Options
- Considerations for a successful RRL deployment
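As an added illustration of the mechanism the tutorial covers (example code written here, not ISC's or BIND's), the following Python models RRL as a token bucket keyed on (client prefix, query name, query type): a spoofed flood of identical queries from one network shares a bucket and is dropped or "slipped" (answered with a small truncated reply so a genuine client can retry over TCP), while a client asking distinct questions is unaffected. The parameter names mirror BIND's rate-limit options, the refill logic is a simplification, and the traffic in simulate() is constructed.

```python
# Simplified RRL model (added example); parameter names mirror BIND's rate-limit options.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class RRL:
    responses_per_second: int = 5     # BIND: responses-per-second
    slip: int = 2                     # BIND: slip (0 = never, 1 = every time)
    ipv4_prefix_length: int = 24      # BIND: ipv4-prefix-length
    ipv6_prefix_length: int = 56      # BIND: ipv6-prefix-length
    _buckets: dict = field(default_factory=dict)  # key -> [credits, last refill, limited count]

    def _key(self, client_ip, qname, qtype):
        # One bucket per (client prefix, name, type): spoofed hosts in one network share it.
        plen = (self.ipv4_prefix_length if ip_address(client_ip).version == 4
                else self.ipv6_prefix_length)
        return (str(ip_network(f"{client_ip}/{plen}", strict=False)), qname.lower(), qtype)

    def decide(self, now, client_ip, qname, qtype):
        """Return 'send', 'slip' (small TC=1 reply, lets real clients retry over TCP) or 'drop'."""
        key = self._key(client_ip, qname, qtype)
        credits, last, limited = self._buckets.get(key, [self.responses_per_second, now, 0])
        elapsed = int(now - last)
        if elapsed > 0:  # refill once per elapsed second, capped at one second's allowance
            credits = min(credits + elapsed * self.responses_per_second, self.responses_per_second)
            last += elapsed
        if credits > 0:
            credits -= 1
            verdict = "send"
        else:  # over the limit: drop, but answer every slip-th query with a truncated reply
            limited += 1
            verdict = "slip" if self.slip and limited % self.slip == 0 else "drop"
        self._buckets[key] = [credits, last, limited]
        return verdict

def simulate(rrl=None):
    """Constructed traffic: 20 spoofed 'ANY example.com' queries from 203.0.113.0/24 within
    one second (the amplification pattern), then 3 distinct A queries from 198.51.100.7."""
    rrl = rrl or RRL()
    counts = {"send": 0, "slip": 0, "drop": 0}
    for i in range(20):
        counts[rrl.decide(100, f"203.0.113.{i}", "example.com", "ANY")] += 1
    legit = [rrl.decide(100, "198.51.100.7", n, "A")
             for n in ("www.example.com", "mail.example.com", "ns1.example.com")]
    return counts, legit
```

With the defaults, the flood gets 5 answers, 7 truncated slips and 8 drops in that second, while all three legitimate queries are answered; setting slip to 0 turns every over-limit response into a drop.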