Am 30.10.2015 um 18:01 schrieb David B Funk:
On Fri, 30 Oct 2015, Reindl Harald wrote:Am 29.10.2015 um 01:06 schrieb Martin Gregorie:If you don't understand how to install and configure a DNS server and prefer printed material to online documents, get the O'Reilly book "DNS and BIND"no need for use bind at all for cahcing nameservers, unbound is much faster for *that* task and works more or less out-of-the-box unbound.conf on our inbound MX while all production nameservers with authoritative zones are bind[snip..] Just be sure to set the access-control correctly to prevent use/abuse by remote attackers. Open recursive DNS servers are a favorite DDOS tool
well, you snipped that part..... interface: 127.0.0.1 access-control: 127.0.0.0/8 allowfor DDOS it don't matter if is a recursive or a authoritative nameserver, ANY records of auth servers without respone rate limiting are amplification enough
signature.asc
Description: OpenPGP digital signature
