DNS Amplification Attack Mitigation

2012-03-09 Thread Fr34k


All,

I am (we all are (?)) interested in techniques for mitigating DNS amplification 
attacks for both recursive and authoritative BIND servers (versions 9.x).


Google found http://www.secureworks.com/research/threats/dns-amplification/ and 
http://www.publicsafety.gc.ca/prg/em/ccirc/2009/av09-011-eng.aspx
which mention limiting clients via ACLs and using "additional-from-cache no;" 
as mitigation techniques.


Good articles, but written several years ago so there might be additional 
configuration suggestions from the community since 2009.
Are there and, if so, what are they?
Perhaps said another way, what other named.conf settings could we be looking at 
in this effort?


Thank you.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
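
The two mitigations named in the message above (limiting clients via ACLs and "additional-from-cache no;"), written out as named.conf fragments for a recursive and an authoritative BIND 9 server. This is an added example, not part of the original thread and not ISC's recommended configuration; the ACL name "trusted" and the address ranges (RFC 5737 documentation prefixes) are constructed placeholders.

```conf
// ---- File 1: recursive resolver's named.conf (constructed example) ----

// Hypothetical ACL: list only the networks whose clients you serve.
acl "trusted" {
    localhost;              // built-in ACL: this host's own addresses
    192.0.2.0/24;           // RFC 5737 documentation range, stands in for a client LAN
    198.51.100.0/24;        // RFC 5737 documentation range, second client network
};

options {
    recursion yes;

    // Only listed clients may trigger recursion. An open resolver will
    // answer spoofed-source queries from anyone and reflect the (larger)
    // responses at the spoofed address.
    allow-recursion   { "trusted"; };

    // BIND 9.4 and later: also restrict who may read answers already in the
    // cache, otherwise cached records can still be served to outsiders.
    allow-query-cache { "trusted"; };

    // This resolver hosts no public zones, so refuse all other queries too.
    allow-query       { "trusted"; };
};

// ---- File 2: authoritative-only server's named.conf (separate host) ----

options {
    // Authoritative servers must answer the whole Internet for their own
    // zones, so the query ACL stays open and recursion is switched off.
    allow-query { any; };
    recursion no;
    allow-query-cache { none; };

    // Do not add cached data to the additional section of responses; this
    // keeps answers limited to authoritative data. named ignores this
    // option (and logs a warning) unless "recursion no;" is also set.
    additional-from-cache no;
};
```

Running `named-checkconf` against each file separately validates the syntax before reloading; the two `options` blocks belong to different servers and cannot be combined in one file.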


Re: DNS Amplification Attack Mitigation

2012-03-13 Thread Fr34k
Hello,

Did I miss any feedback on this, or perhaps there isn't any to offer (?)
Thank you.

>From: Fr34k
>To: Bindlist
>Sent: Friday, March 9, 2012 10:30 AM
>Subject: DNS Amplification Attack Mitigation
>
>All,
>
>I am (we all are (?)) interested in techniques for mitigating DNS 
>amplification attacks for both recursive and authoritative BIND servers 
>(versions 9.x).
>
>
>Google found http://www.secureworks.com/research/threats/dns-amplification/ 
>and http://www.publicsafety.gc.ca/prg/em/ccirc/2009/av09-011-eng.aspx
>which mention limiting clients via ACLs and using "additional-from-cache no;" 
>as mitigation techniques.
>
>
>Good articles, but written several years ago so there might be additional 
>configuration suggestions from the community since 2009.
>Are there and, if so, what are they?
>Perhaps said another way, what other named.conf settings could we be looking 
>at in this effort?
>
>
>Thank you.