If these are authoritative DNS servers then just enable minimal-responses, so clients will only ever get the records that they requested.
Steve On 1 July 2013 12:02, blrmaani <blrma...@gmail.com> wrote: > We are noticing that a handful of our domains are being used for > amplification attacks and we would like to reduce outgoing (DNS response) > packet size. > > One solution is to reduce the additional sections in the response for these > handful zones and I would like to know if there is any way to add something > similar to "additional-from-auth no" per zone basis and achieve what I want. > > > On Monday, June 24, 2013 1:13:24 AM UTC-7, Steven Carr wrote: >> On 24 June 2013 08:14, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: >> >> > You still have not answered my question, so I repeat it: >> >> > >> >> >>> > What is the point of your question? >> >> > >> >> >> >> I think what Matus wants to know is your reasoning/problem/issue about >> >> not returning records from the cache for those zones? >> >> >> >> The answer is no you can't restrict it to zones only to global or a >> >> view, but if you can give us some more information on what/why then we >> >> may be able to help come up with some other solution that would help. >> >> >> >> Steve > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
