Tightened DNS security question re: DNS amplification attacks.
Florian Weimer
fweimer at bfk.de
Thu Jan 29 13:01:15 UTC 2009
* Mark Andrews:
> The most common reason for recursive queries to a authoritative
> server is someone using dig, nslookup or similar and forgeting
> to disable recursion on the request.
dnscache in "forward only" mode also sets the RD bit, and apparently
does not restrict itself to the configured forwarders list. (This is
based on a public report, not on first-hand knowledge.)
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the NANOG
mailing list