...
Of course, it didn't take very long for some nefarious outfit to realize this and set up a DNS amplification attack (see https://www.us-cert.gov/ncas/alerts/TA13-088A) ricocheting off of our open DNS server. To resolve this, we include we added the rate-limit option.
No Format |
---|
rate-limit { responses-per-second 10; }; |