You DO realize that DNS is (mostly) UDP packets, and an attacker (or
in your case, the ADs) can simply send UDP packet floods to kill your
firewall (in your current state), regardless of how your DNS server is
configured, even when the DNS server is down?

Once we had the firewall for DNS, when it got a bunch of queries from the suspect addresses, it returned a truncated message and indicated that the client should use TCP for its queries.

--
Email/Jabber/Gtalk: pa...@riseup.net
Free DNS Hosting with www.DNSbed.com
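The mechanism described in the reply above (answer a burst of queries from one source with a truncated response so that a real client retries over TCP, where the source address cannot be spoofed) is essentially what BIND's response-rate limiting does with its "slip" setting. The following is an added example, not code from the thread or from BIND: a small Python model of that decision logic that builds real DNS wire-format messages, so you can see why a TC=1 reply limits amplification (the reply is exactly as large as the query) while, as the quoted message points out, it does nothing about the packets that still arrive at the firewall. The zone contents, source address, rate and slip values are constructed sample data.

```python
"""Model of response-rate limiting with TC (truncate) fallback.

Added example; a simplified model, not BIND's implementation. A source is
allowed `responses_per_second` full answers per window; beyond that, every
`slip`-th rate-limited query gets a header-plus-question reply with TC=1 and
the rest are dropped. Sample zone data and addresses are constructed.
"""
import struct
from collections import defaultdict, deque

QR, TC, RD, RA = 0x8000, 0x0200, 0x0100, 0x0080  # DNS header flag bits
TYPE_TXT, CLASS_IN = 16, 1


def encode_name(name):
    """Encode a dotted name as DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


def build_query(qname, qtype=TYPE_TXT, txid=0x1234):
    """Standard recursive query for qname/qtype (constructed sample)."""
    return struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def parse_query(msg):
    """Return (txid, flags, qname, qtype, qclass, raw question section)."""
    txid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, labels = 12, []
    while msg[off]:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode())
        off += 1 + n
    off += 1  # root label
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return txid, flags, ".".join(labels), qtype, qclass, msg[12:off + 4]


def truncated_response(query):
    """Header + question only, TC=1: tells the client to retry over TCP."""
    txid, flags, _, _, _, question = parse_query(query)
    return struct.pack("!HHHHHH", txid, QR | TC | RA | (flags & RD), 1, 0, 0, 0) + question


def full_response(query, zone):
    """Normal answer with one TXT RR per string in zone[qname]."""
    txid, flags, qname, qtype, qclass, question = parse_query(query)
    answers = b""
    for txt in zone.get(qname, []):
        rdata = bytes([len(txt)]) + txt.encode()
        # 0xC00C = compression pointer to the name in the question section
        answers += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_IN, 300, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", txid, QR | RA | (flags & RD), 1, len(zone.get(qname, [])), 0, 0)
    return header + question + answers


def is_truncated(response):
    """Client-side check: a TC=1 reply means 'retry this query over TCP'."""
    return bool(struct.unpack("!H", response[2:4])[0] & TC)


class RateLimiter:
    def __init__(self, responses_per_second=2, slip=2, window=1.0):
        self.rps, self.slip, self.window = responses_per_second, slip, window
        self.sent = defaultdict(deque)  # src -> timestamps of full answers
        self.excess = defaultdict(int)  # src -> count of rate-limited queries

    def decide(self, src, now):
        q = self.sent[src]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) < self.rps:
            q.append(now)
            return "answer"
        self.excess[src] += 1
        if self.slip and self.excess[src] % self.slip == 0:
            return "truncate"
        return "drop"


def handle(limiter, src, query, zone, now):
    """Return (action, bytes sent back or None)."""
    action = limiter.decide(src, now)
    if action == "answer":
        return action, full_response(query, zone)
    if action == "truncate":
        return action, truncated_response(query)
    return action, None


def simulate_burst(n=10, rps=2, slip=2):
    """Send n queries from one (possibly spoofed) source within one second."""
    zone = {"example.com": ["v=spf1 include:_spf.example.com ip4:192.0.2.0/24 -all"]}  # constructed
    limiter = RateLimiter(rps, slip)
    query = build_query("example.com")
    results = []
    for i in range(n):
        action, out = handle(limiter, "198.51.100.7", query, zone, now=0.01 * i)  # constructed source
        results.append((action, len(out) if out else 0))
    return results


if __name__ == "__main__":
    for action, size in simulate_burst():
        print(f"{action:9s} {size:3d} bytes out")
```

With the sample numbers (2 answers per second, slip 2), a ten-query burst yields two full answers, four silent drops and four truncated replies. Each truncated reply is byte-for-byte the same length as the query, so a spoofed victim receives no amplification, and a genuine client that sees TC=1 simply retries over TCP. Note what this does not change: all ten UDP packets still had to be received and classified, which is the point made in the quoted message.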