Hi Andrija, Yes, it's on a shared network with public IP in advanced zone. So far I don't see similar issues on my VPC's VRs, but it could be because the IP is not known, unlike the VR on a shared network which will automatically use the second IP on the subnet after the gateway (e.g. x.x.x.2).
Is there a way to configure dnsmasq not to response to recursive queries? Thank you. On Mon, Dec 15, 2014 at 8:22 PM, Andrija Panic <andrija.pa...@gmail.com> wrote: > > Indra, did you observe this on Shared Network - I had same issue with > Shared Network (public IPs) in Advanced Zone. > > I think VR for VPC is NOT a problem... > > On 15 December 2014 at 13:13, Indra Pramana <in...@sg.or.id> wrote: > > > > Dear all, > > > > We are using CloudStack 4.2.0 with KVM hypervisors. > > > > Is there a way to prevent our virtual routers (VRs) to be targeted by DNS > > amplification attack? It seems that the DNS services on dnsmasq running > on > > the VRs are by default recursive, causing it to easily be targeted for > DNS > > amplification attack. > > > > Any advice on how to overcome this? > > > > Looking forward to your reply, thank you. > > > > Cheers. > > > > > -- > > Andrija Panić >
