DNS Amplification attack?

Chris Adams cmadams at hiwaay.net
Tue Jan 20 21:17:50 CST 2009


Once upon a time, jay at miscreant.org <jay at miscreant.org> said:
> I've also noticed that on a server running BIND 9.3.4-P1 with
> recursion disabled, they still appear to be getting the list of
> root NS's from cache, which is a 272-byte response to a 61-byte
> request, which by my definition is an amplification.

Add "additional-from-cache no;" to the options{} section of your
named.conf.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
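
An added example, not part of the original message: a small Python audit that reads a named.conf and reports whether the global options{} block turns off both "recursion" and the "additional-from-cache" setting named in the reply. The sample configurations are constructed, the function names are hypothetical, and an unset option is reported as a finding on the assumption that it does not default to "no"; options set inside view{} blocks are not examined.

```python
import re

# Constructed named.conf samples (not from the original post).
BEFORE = '''
options {
    directory "/var/named";      // constructed path
    recursion no;
    allow-query { any; };
};
'''
AFTER = BEFORE.replace("recursion no;",
                       "recursion no;\n    additional-from-cache no;  # added")

REQUIRED_OFF = ("recursion", "additional-from-cache")
OFF_VALUES = {"no", "false", "0"}   # boolean spellings named.conf accepts

def strip_comments(text):
    """Remove /* */, // and # comments while leaving quoted strings intact."""
    pattern = r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*'
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return re.sub(pattern, keep_strings, text, flags=re.S)

def options_settings(conf):
    """Return {name: value} for simple 'name value;' statements in options{}."""
    tokens = re.findall(r'"[^"\n]*"|[{};]|[^\s{};"]+', strip_comments(conf))
    settings, depth, in_opts, stmt, prev = {}, 0, False, [], None
    for tok in tokens:
        if tok == "{":
            if depth == 0:                 # a top-level block is opening
                in_opts = prev == "options"
            depth += 1
        elif tok == "}":
            depth -= 1
        elif tok == ";":
            if in_opts and depth == 1 and len(stmt) == 2:
                settings[stmt[0]] = stmt[1].strip('"')
            if depth <= 1:                 # statement ended, start a new one
                stmt = []
        elif in_opts and depth == 1:       # skip contents of nested blocks
            stmt.append(tok)
        prev = tok
    return settings

def audit(conf):
    """Return a list of findings; an empty list means both options are off."""
    have = options_settings(conf)
    return [f"{name}: expected no, found {have.get(name, 'unset')}"
            for name in REQUIRED_OFF
            if have.get(name, "unset").lower() not in OFF_VALUES]

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(conf) or "ok")
```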



