id: kb-isc-org-5533
author:
title: Introduction to Response Rate Limiting (RRL)
date:
pages:
extension: .html
mime: text/html
words: 819
sentences: 69
flesch: 68
summary: In such an attack, the attacker sends high volumes of forged DNS queries to a large number of authoritative DNS servers, using the victim computer's IP address as the source of the request. RRL helps mitigate DNS denial-of-service attacks by reducing the rate at which authoritative servers respond to high volumes of malicious queries. DNS server software such as BIND cannot tell by examining a particular packet whether the source address in that packet is real or fraudulent. Small DNS queries can generate large responses, allowing the attacker to send a lot less traffic than the victim receives, thereby amplifying the attack. By using an authoritative DNS server as an unwitting accomplice, an attacker can achieve a nearly 100-fold increase in the amount of traffic being directed at the victim, and they can conceal the source of the attack as well. Using the Response Rate Limiting Feature outlines how to use the RRL feature in BIND 9.10.
cache: ./cache/kb-isc-org-5533.html
txt: ./txt/kb-isc-org-5533.txt