Maintained by: NLnet Labs

[Unbound-users] Unbound as public DNSSEC resolver

lst_hoe02 at kwsoft.de
Wed Oct 13 18:24:05 CEST 2010


Zitat von lst_hoe02 at kwsoft.de:

> Zitat von lst_hoe02 at kwsoft.de:
>
>> Ups, sorry. I forgot to disable S/MIME for the list-mail.
>>
>> But the question remains:
>>
>> What is "best practice" to limit the resources used and to be a  
>> good citizen when using unbound as public DNSSEC aware resolver, or  
>> is it no recommended at all?
>>
>
> Still no answer for this one so i guess it is not recommended at all...
>

Okay, so it boils down to the danger of being used as amplification in  
a DoS with spoofed UDP source IP addresses. I will see what can be  
done with ipt_recent and low resource settings to avoid DoS  
amplification as much as possible.

Thanks

Andreas