Tightened DNS security question re: DNS amplification attacks.

• Previous message (by thread): Tightened DNS security question re: DNS amplification attacks.
• Next message (by thread): Tightened DNS security question re: DNS amplification attacks.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Mark Andrews:

> 	The most common reason for recursive queries to a authoritative
> 	server is someone using dig, nslookup or similar and forgeting
> 	to disable recursion on the request.

dnscache in "forward only" mode also sets the RD bit, and apparently
does not restrict itself to the configured forwarders list.  (This is
based on a public report, not on first-hand knowledge.)

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

• Previous message (by thread): Tightened DNS security question re: DNS amplification attacks.
• Next message (by thread): Tightened DNS security question re: DNS amplification attacks.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]