DNSTAP is used extensively by most open-source DNS components to report on events passing through their query or response phases. Processing DNSTAP messages at large volumes and with highly customizable capabilities is a function of the Vector open-source streaming data processor.
This talk is an introduction and lessons-learned summary of Quad9's implementation of Vector as a DNSTAP...
In this presentation we take a look at both recent and long-term changes in query names received by root name servers, especially those that could be considered as leakage or name collisions. The Internet community has long been aware of this undesirable behavior, yet such traffic persists over long periods of time and new cases continue to appear. Using data from DNS-OARC's Day In the Life...
We present our approach to protecting against denial-of-service attacks, implemented in Knot Resolver. It consists of two parts: rate-limiting and prioritization.
Rate-limiting counts requests originating from the same host and/or network and restricts those that are over the set limits; it serves primarily to mitigate amplification attacks.
Prioritization reorders waiting requests based...
