Re: allow-query does not seem to be working

On 08/08/2016 20:59, Frank Even wrote: > Thanks for the info. Also I'll have to note that I completely missed > that the "offending IP" is one of the .uk root servers so the next > logical conclusion is I've probably got a box in one of my environments > driving an amplification attack of some

Re: allow-query does not seem to be working

Thanks for the info. Also I'll have to note that I completely missed that the "offending IP" is one of the .uk root servers so the next logical conclusion is I've probably got a box in one of my environments driving an amplification attack of some sort or something at those IPs that I need to

Re: allow-query does not seem to be working

On 08/08/2016 18:43, Darcy Kevin (FCA) wrote: > As already noted, allow-query will cause you to send back a REFUSED > response. That’s sort of the whole point of the REFUSED RCODE. > > > > If you want to not send back any response **whatsoever**, then take a > look at the “blackhole”

RE: allow-query does not seem to be working

As already noted, allow-query will cause you to send back a REFUSED response. That’s sort of the whole point of the REFUSED RCODE. If you want to not send back any response *whatsoever*, then take a look at the “blackhole” statement, but, honestly, this kind of “drop” function may, depending

Re: allow-query does not seem to be working

On 6 August 2016 at 21:41, Frank Even wrote: > If an IP is not allowed as part of an "allow-query" statement, should the > name server still be returning any responses? I would have expected the response to be one of REFUSED.