If you recall, Response Rate Limiting (RRL) is a way to prevent amplification attacks on your DNS server.
In our example:
- The bot commander issues a command to many computers (bots).
- The command tells the bots to request that several DNS servers send back data, but instead of sending all that data back to the source, the DNS servers are spoofed into sending all the DNS zone data to the target DNS server instead.
- This target server is soon overloaded, and what you end up with is a denial-of-service, or DDoS, attack.
That is why we need to configure Response Rate Limiting on our DNS server.
Here are the two RRL commands that we will be using:
- Get-DnsServerRRL – Displays the default RRL values
- Set-DnsServerRRL – Configures Response Rate Limiting
Open PowerShell and type:
- Get-DnsServerRRL and press return
Displayed are the default RRL values. You can change these values with the Set-DnsServerRRL command.

I’ve provided a chart as part of the documentation that describes in detail all the parameters associated with the Set-DnsServerRRL command.
- Parameters add additional functionality to the basic command.
At the bottom of the chart, notice the Mode parameter.
Read the description from the video. Here is the short version of the description:
- Mode – Set to Enable, Disable, or LogOnly. By default it is set to Disable.
- LogOnly – This tells you what RRL would have done if it had been enabled during an attack. You can set the mode to LogOnly to see whether there is any negative impact on your clients from running RRL.
The chart below explains each parameter in detail.


Let’s go back to PowerShell.
To enable RRL, type:
- Set-DnsServerRRL -Mode Enable
Press return.
Click Yes or press Y.
- Type Set-DnsServerRRL -Mode LogOnly and press return.
Press Y.
Normally, in a production environment, if you only wanted to test the effects of Response Rate Limiting on your network, you would not enable RRL; you would only use the LogOnly mode.
Open Event Viewer
To check out the LogOnly function, open Event Viewer on the DNS server.
- Click Applications and Services Logs, Microsoft, Windows, DNS Server, Audit, and you should see RLL_OP.
- You can right-click Audit, go to View, and check Show Analytic and Debug Logs. In this case there is nothing there because RRL has not been running.
- Click Audit and then check out the information log.
- That will allow us to see the logs for Response Rate Limiting.
Go back to PowerShell
At the top of your screen you will see this warning:

What this is about is that a bunch of legitimate queries could come in and, if RRL is set up, the DNS server may think that there is an amplification attack when the queries are from a legitimate source.
So, what you can do is set up an exception.
- For example, say you have a subnet such as 192.168.2.50 that you know may have a lot of queries coming in. You can add that subnet to your exception list.
- Add-DnsServerResponseRateLimitingExceptionlist -Name "subnet2" -ServerInterface "EQ,192.168.2.50"
Here you have a subnet named subnet2 and a server interface with the IP address of 192.168.2.50. What this command is saying is that if a flurry of requests comes in on the interface equal to that IP address, then let those requests pass.
- To turn off RRL, type Set-DnsServerRRL -Mode Disable
- To reset RRL back to the defaults, type Set-DnsServerResponseRateLimiting -ResetToDefault
- To verify that the settings are back to default, type Get-DnsServerRRL – Displays the default RRL values
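The steps in this lesson, combined into one staged rollout script as an added example (not part of the original lesson or of Microsoft's documentation). It uses the full cmdlet names behind the RRL aliases; the 30-minute observation window, the `-Force` switch used to skip the confirmation prompt, and the `Microsoft-Windows-DNSServer/Audit` channel name for the Audit log opened in Event Viewer are assumptions of the example.

```powershell
#Requires -Modules DnsServer
# Added example: staged RRL rollout. Run elevated on the DNS server itself.

$observeMinutes = 30                 # assumption: length of the LogOnly observation window
$exceptionName  = 'subnet2'          # exception name used in the lesson
$exceptionIf    = 'EQ,192.168.2.50'  # server interface condition used in the lesson

# 1. Record the current settings so the change can be reviewed or undone.
$before = Get-DnsServerResponseRateLimiting
$before | Format-List

# 2. Switch to LogOnly: RRL evaluates traffic and logs its decisions, but drops nothing.
Set-DnsServerResponseRateLimiting -Mode LogOnly -Force
$start = Get-Date

# 3. Let normal traffic flow, then summarise what landed in the DNS Server Audit log.
Start-Sleep -Seconds ($observeMinutes * 60)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-DNSServer/Audit'   # assumed channel name
    StartTime = $start
} -ErrorAction SilentlyContinue

# One row per event ID with a sample message, most frequent first.
$events | Group-Object Id | Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'Sample'; e = { $_.Group[0].Message } } |
    Format-Table -Wrap

# 4. Add the exception for the busy interface if it is not already present.
$existing = Get-DnsServerResponseRateLimitingExceptionlist |
    Where-Object Name -eq $exceptionName
if (-not $existing) {
    Add-DnsServerResponseRateLimitingExceptionlist -Name $exceptionName -ServerInterface $exceptionIf
}

# 5. Enable only after an operator has reviewed the summary; otherwise restore the old mode.
$answer = Read-Host 'Enable RRL now? (y/N)'
if ($answer -eq 'y') {
    Set-DnsServerResponseRateLimiting -Mode Enable -Force
} else {
    Set-DnsServerResponseRateLimiting -Mode $before.Mode -Force
}
Get-DnsServerResponseRateLimiting | Format-List
```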