Re: How to return REFUSED

Thu, 06 May 2021 03:06:18 -0700 

On 05.05.21 21:09, Axel Rau wrote:

        allow-query { any; };
        allow-query-cache { recursive-users; };
        allow-recursion { recursive-users; };

How can I make sure that none recursive-users get a REFUSED if query is 
recursive?


I thought this is the default...

PS: I want to minimize the responses to this amplification attack:
19:05:18.703238 185.230.55.130.30120 > 91.216.35.71.53: [no udp cksum] 1+ 
RRSIG? pizzaseo.com.(30) (ttl 249, id 33043, len 58)
19:05:18.703568 91.216.35.71.53 > 185.230.55.130.30120: [udp sum ok] 1- q: 
RRSIG? pizzaseo.com. 0/13/14 ns: com. NS j.gtld-servers.net., com. NS 
m.gtld-servers.net., com. NS c.gtld-servers.net., com. NS b.gtld-servers.net., 
com. NS d.gtld-servers.net., com. NS e.gtld-servers.net., com. NS 
l.gtld-servers.net., com. NS f.gtld-servers.net., com. NS h.gtld-servers.net., 
com. NS i.gtld-servers.net., com. NS a.gtld-servers.net., com. NS 
k.gtld-servers.net., com. NS g.gtld-servers.net. ar: m.gtld-servers.net. A 
192.55.83.30, l.gtld-servers.net. A 192.41.162.30, k.gtld-servers.net. A 
192.52.178.30, j.gtld-servers.net. A 192.48.79.30, i.gtld-servers.net. A 
192.43.172.30, h.gtld-servers.net. A 192.54.112.30, g.gtld-servers.net. A 
192.42.93.30, f.gtld-servers.net. A 192.35.51.30, e.gtld-servers.net. A 
192.12.94.30, d.gtld-servers.net. A 192.31.80.30, c.gtld-servers.net. A 
192.26.92.30, b.gtld-servers.net. A 192.33.14.30, a.gtld-servers.net. A 
192.5.6.30, m.gtld-servers.net. AAAA 2001:501:b1f9:

:30(490) (ttl 63, id 11754, len 518)

... exactly because of this reason.

Which named version do you run?
do you use views?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to