DNS Amplification attack?

• Previous message (by thread): DNS Amplification attack?
• Next message (by thread): DNS Amplification attack?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Once upon a time, Crist Clark <Crist.Clark at globalstar.com> said:
> Another BIND-specific question since we're on the topic. I see
> some of our authorative servers being hit with these spoofs, and
> yes, the 9.3.5-P1 (that's what Sun supports in Solaris these
> days) were sending back answers from the cache... but wait...
> what cache?
> 
> The view the Internet gets only has our authorative zones. There
> is no declaration for the root zone, master, slave, or hints.
> How does BIND have the root cached in that view? Where did it
> get it from? I guess it's hard coded somewhere?

BIND has had the hints compiled in for some time as a fall-back, but for
an auth-only server, "additional-from-cache no;" will kill such
responses.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

• Previous message (by thread): DNS Amplification attack?
• Next message (by thread): DNS Amplification attack?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]