All,
I am (we all are (?)) interested in techniques for mitigating DNS amplification attacks for both recursive and authoritative BIND servers (versions 9.x). Google found http://www.secureworks.com/research/threats/dns-amplification/ and http://www.publicsafety.gc.ca/prg/em/ccirc/2009/av09-011-eng.aspx which mention limiting clients via ACLs and using "additional-from-cache no;" as mitigation techniques. Good articles, but written several years ago so there might be additional configuration suggestions from the community since 2009. Are there and, if so, what are they? Perhaps said another way, what other named.conf settings could we be looking at in this effort? Thank you. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
