...
Of course, it didn't take very long for some nefarious outfit to realize this and set up a DNS amplification attack (see https://www.us-cert.gov/ncas/alerts/TA13-088A) ricocheting off of our open DNS server. To resolve this, we include we added the rate-limit option.
| No Format |
|---|
rate-limit {
responses-per-second 10;
};
|