Implementing Response Rate Limiting (RRL) in Windows Server
Dive into the critical aspects of Response Rate Limiting in Windows Server, a key mechanism for fortifying your system's security and resilience. As organizations face an ever-evolving threat landscape, it becomes imperative to implement robust defenses against potential attacks. Response Rate Limiting is a powerful feature in Windows Server that aids in safeguarding your infrastructure by controlling the rate at which certain types of responses are processed. By strategically managing the volume of responses, administrators can mitigate the impact of brute force attacks, DDoS attempts, and other malicious activities targeting network resources.
Speaker: Gulnaz Mushtaq
Thanks for tuning in to the Windows Server Summit on demand!
12 Comments
- Char_Cheesman (Bronze Contributor)
Thank you for joining us this week for the Windows Server Summit! Q&A is now closed, but all sessions are available on demand so you can watch and learn when it is convenient for you. We hope you enjoyed the event.
GulnazMushtaq great session! Looking forward to this feature.
Hope you do not mind my comment but you can also drill down the event log for DNS directly from Server Manager.
Local (RDP): Server Manager > Navigate to DNS on the left pane > Scroll down to Event log section.
Remote: Server Manager > Add DNS servers > Navigate to DNS on the left pane > Scroll down to Event log section > Select one or more DNS servers you have added that are listed above.
This allows you to search in the event logs that belong to DNS only. You can also create custom filters and save them, etc.
- GulnazMushtaq (Learn Expert)
Thanks Karl
- You're welcome. Thank you in return for teaching me / us about this feature.
- Where can we expect to control this? In old MMC, or only PowerShell? Do you consider bringing this to the DNS server WAC extension?
- GulnazMushtaq (Learn Expert)
Response Rate Limiting (RRL) is an enhancement to DNS server implementation that helps mitigate DNS amplification attacks. We can control this by using PowerShell commands in Windows Server 2016 and its successors. RRL configuration was not natively available in the old MMC. The Windows Admin Center (WAC) is a modern web-based management tool for Windows Server. Although RRL is not natively part of the DNS server WAC extension, it’s a valuable feature that could enhance security.
- GulnazMushtaq (Learn Expert)
Yes, we can run the command through PowerShell and can activate LogOnly mode for events. Check my detailed article with all the commands https://www.linkedin.com/pulse/response-rate-limiting-rrl-dns-windows-server-2016-it-professional/?wt.mc_id=MVP_309462
- Suspect the usual DNS protocol is used for the server to identify the sender that requires to be "silenced"? So, is this the IPv4/v6 address, or also its DNS / FQDN name?
- GulnazMushtaq (Learn Expert)
Yes, we can set the White List FQDN and IP both. Check my article for detailed commands: https://www.linkedin.com/pulse/response-rate-limiting-rrl-dns-windows-server-2016-it-professional/?wt.mc_id=MVP_309462
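Added example, not part of the thread or the speaker's article: a staged RRL rollout with the DnsServer module on Windows Server 2016 or later, starting in LogOnly mode and adding exception lists before enforcing. The list names, subnet and FQDN pattern are constructed placeholders, and referencing a named client subnet in `-ClientSubnet` assumes the same criteria syntax as DNS policies.

```powershell
# Added example. Names, subnet and FQDN pattern below are constructed placeholders.
Import-Module DnsServer

# 1. Record the current RRL settings so the change can be reviewed or reverted.
Get-DnsServerResponseRateLimiting | Format-List

# 2. Start in LogOnly mode: RRL evaluates its limits and logs what it
#    would have limited, but responses are still sent as usual.
Set-DnsServerResponseRateLimiting -Mode LogOnly -Force

# 3. Exempt legitimate high-volume clients before enforcing.
#    By queried name:
Add-DnsServerResponseRateLimitingExceptionlist -Name 'ExemptByFqdn' `
    -Fqdn 'EQ,*.example.com'

#    By source network (assumption: the exception list references a named
#    client subnet, as DNS policies do):
Add-DnsServerClientSubnet -Name 'InternalResolvers' -IPv4Subnet '10.0.0.0/24'
Add-DnsServerResponseRateLimitingExceptionlist -Name 'ExemptBySubnet' `
    -ClientSubnet 'EQ,InternalResolvers'

# 4. Confirm what is configured.
Get-DnsServerResponseRateLimitingExceptionlist

# 5. After reviewing the DNS events from the LogOnly period and adjusting
#    the exception lists, switch to enforcement.
Set-DnsServerResponseRateLimiting -Mode Enable -Force

# Rollback, if legitimate clients are affected:
# Set-DnsServerResponseRateLimiting -Mode Disable -Force
```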
- GulnazMushtaq (Learn Expert)
Good question.
- Char_Cheesman (Bronze Contributor)
Welcome! Implementing Response Rate Limiting (RRL) in Windows Server is starting now. If you have any questions or feedback for our product teams, please post them here in the Comments.