mailing list archives
Re: DNS Amplification attack?
From: Chris Adams <cmadams () hiwaay net>
Date: Wed, 21 Jan 2009 13:27:11 -0600
Once upon a time, Crist Clark <Crist.Clark () globalstar com> said:
Another BIND-specific question since we're on the topic. I see
some of our authorative servers being hit with these spoofs, and
yes, the 9.3.5-P1 (that's what Sun supports in Solaris these
days) were sending back answers from the cache... but wait...
The view the Internet gets only has our authorative zones. There
is no declaration for the root zone, master, slave, or hints.
How does BIND have the root cached in that view? Where did it
get it from? I guess it's hard coded somewhere?
BIND has had the hints compiled in for some time as a fall-back, but for
an auth-only server, "additional-from-cache no;" will kill such
Chris Adams <cmadams () hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: DNS Amplification attack? jay (Jan 21)
- Re: DNS Amplification attack?, (continued)