DNS Amplification attack?

Chris Adams cmadams at hiwaay.net
Wed Jan 21 19:27:11 UTC 2009

Once upon a time, Crist Clark <Crist.Clark at globalstar.com> said:
> Another BIND-specific question since we're on the topic. I see
> some of our authorative servers being hit with these spoofs, and
> yes, the 9.3.5-P1 (that's what Sun supports in Solaris these
> days) were sending back answers from the cache... but wait...
> what cache?
> The view the Internet gets only has our authorative zones. There
> is no declaration for the root zone, master, slave, or hints.
> How does BIND have the root cached in that view? Where did it
> get it from? I guess it's hard coded somewhere?

BIND has had the hints compiled in for some time as a fall-back, but for
an auth-only server, "additional-from-cache no;" will kill such
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

More information about the NANOG mailing list