Hacker News new | past | comments | ask | show | jobs | submit login

A former coworker and I used to do friendly red-team/blue-team challenges with each other. He tunneled traffic through a test DNS server and my goal was to limit the usefulness or block it. Blocking it was very difficult. I had to limit window sizes. Unbound can do this native. With bind I had to use iptables. Both Unbound and Bind could limit the packet rate. Unbound had the most granular controls around limits per domain/tld/ip.

Tampering with window sizes would most certainly break some things, like DNSSEC and zone transfers.

Applications are open for YC Summer 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact