On 12/07/12 15:16, Lightner, Jeff wrote:
Personally I don't know why "dig -t any" would be a problem. It's not exactly the same as doing an axfr transfer of the zone - it still only gets limited information.
They're the current query type du jour for DDoS amplification attacks, which I assume the OP is experiencing.
Personally I feel it's a mistake to focus on the query type; as others have pointed out, DNSSEC-signed TXT/SPF records are large, and plentiful. Best just focus on query rate.
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
