nanog mailing list archives
Re: DNS Amplification attack?
From: Chris Adams <cmadams () hiwaay net>
Date: Tue, 20 Jan 2009 21:17:50 -0600
Once upon a time, jay () miscreant org <jay () miscreant org> said:
I've also noticed that on a server running BIND 9.3.4-P1 with recursion disabled, they still appear to be getting the list of root NS's from cache, which is a 272-byte response to a 61-byte request, which by my definition is an amplification.
Add "additional-from-cache no;" to the options{} section of your named.conf.

-- 
Chris Adams <cmadams () hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
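
One way to audit a named.conf for the two settings discussed in this message (recursion disabled, plus "additional-from-cache no;"), as an added example that is not part of the original post or the thread. The sample configuration is constructed and the function names are hypothetical; the check is a regex-based read of the first options{} block, not a full named.conf parser, and it does not follow include files or view blocks.

```python
import re

# Constructed sample named.conf (not from the original post): recursion is
# already disabled, but additional-from-cache is not set.
SAMPLE_BEFORE = '''
// authoritative-only server
options {
    directory "/var/named";   # working directory
    recursion no;
    /* additional-from-cache no; -- commented out, so not in effect */
};
zone "example.com" { type master; file "example.com.zone"; };
'''
SAMPLE_AFTER = SAMPLE_BEFORE.replace("recursion no;", "recursion no; additional-from-cache no;")

def strip_comments(text):
    """Remove /* */, // and # comments, leaving quoted strings alone."""
    pattern = r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return re.sub(pattern, keep_strings, text, flags=re.S)

def options_block(text):
    """Return the body of the first options { ... } statement, or ''."""
    m = re.search(r'\boptions\s*\{', text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return ""

def audit(conf_text):
    """Map each checked option to its value in options{}, or None if unset."""
    body = options_block(strip_comments(conf_text))
    result = {}
    for name in ("recursion", "additional-from-cache"):
        m = re.search(r'(?<![\w-])' + re.escape(name) + r'\s+(\w+)\s*;', body)
        result[name] = m.group(1) if m else None
    return result

def missing(conf_text):
    """Checked options that are not explicitly set to 'no' in options{}."""
    return sorted(k for k, v in audit(conf_text).items() if v != "no")

if __name__ == "__main__":
    print("before:", missing(SAMPLE_BEFORE))
    print("after: ", missing(SAMPLE_AFTER))
```

The commented-out directive in the sample is there to show why comments are stripped before matching: a plain text search for the option name would report it as set.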