Dear NSD users,
Here is the release candidate for NSD 3.2.15. This comes with ILNP
support, NSD-RRL and different TSIG initialization (it fails if it can
find no suitable algorithms, instead of when it can't find 'one of the'). Plus
some bugfixes.
The NSD-RRL implementation is based on the work by Vixie and Schryver.
However, because of the code-diversity argument that is at the basis of
NSD work but also because of specifics of the NSD architecture, it is an
independent implementation.
The implementation shares the main ideas that prevent false positives:
the fallback to TCP and a fine-grained (albeit different) query
classification mechanism. See
https://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/ for some of the
details.
RRL is not enabled by default. Although we are confident about code
stability, did extensive testing, and performed the usual beta-release
cycle which gave the code exposure, the methodology is rather new and
there is relatively little operational experience. You can enable RRL
with the build option '--enable-ratelimit':
$ ./configure --enable-ratelimit
We advise prudent monitoring. Within NSD one can monitor RRL being
turned on or off for specific query patterns when verbosity is set to level
2 or higher.
Best regards,
Matthijs
link: http://www.nlnetlabs.nl/downloads/nsd/nsd-3.2.15.tar.gz
sha1: e31a81ab7877422b34e1f163f9509cd93f395664
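The two ideas the announcement names, per-pattern query classification and fallback to TCP, shown as an added example that is not NSD's code and not part of the original message. The class names, prefix widths, rate and slip values and all function names are assumptions chosen for illustration.

```python
import ipaddress

V4_PREFIX, V6_PREFIX = 24, 64  # assumed aggregation widths, not taken from NSD

def netblock(src):
    """Aggregate a client address into its netblock (spoofed floods share one)."""
    ip = ipaddress.ip_address(src)
    prefix = V4_PREFIX if ip.version == 4 else V6_PREFIX
    return ipaddress.ip_network(f"{src}/{prefix}", strict=False)

def classify(rcode, qtype):
    """Hypothetical, simplified response classes; NSD's own set is finer."""
    if rcode == "NXDOMAIN":
        return "nxdomain"
    return "any" if qtype == "ANY" else "positive"

class RateLimiter:
    def __init__(self, rate, slip):
        self.rate = rate    # UDP responses allowed per second per bucket
        self.slip = slip    # every slip-th over-limit query gets TC=1; 0 disables
        self.buckets = {}   # (netblock, class) -> [second, seen, over_limit]

    def decide(self, src, qclass, now, tcp=False):
        """Return 'answer', 'truncate' (TC=1, retry over TCP) or 'drop'."""
        if tcp:             # a completed TCP handshake proves the source address
            return "answer"
        key = (netblock(src), qclass)
        bucket = self.buckets.get(key)
        if bucket is None or bucket[0] != int(now):
            bucket = self.buckets[key] = [int(now), 0, 0]  # new one-second window
        bucket[1] += 1
        if bucket[1] <= self.rate:
            return "answer"
        bucket[2] += 1
        return "truncate" if self.slip and bucket[2] % self.slip == 0 else "drop"

def demo():
    """Constructed traffic: an ANY flood 'from' one /24, plus a normal client."""
    rl = RateLimiter(rate=3, slip=2)
    flood = [rl.decide(f"192.0.2.{h}", classify("NOERROR", "ANY"), 100.2)
             for h in range(10, 16)]
    normal = rl.decide("192.0.2.10", classify("NOERROR", "A"), 100.4)
    retry = rl.decide("192.0.2.10", classify("NOERROR", "ANY"), 100.5, tcp=True)
    later = rl.decide("192.0.2.10", classify("NOERROR", "ANY"), 101.0)
    return flood, normal, retry, later

if __name__ == "__main__":
    print(demo())
```

Only the flooded (netblock, class) bucket is limited: an ordinary A query from the same /24 is still answered, and a legitimate client caught in the flood recovers by retrying over TCP after a truncated reply.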
NSD RELEASE NOTES
3.2.15