On 01/07/13 12:02, blrmaani wrote:
We are noticing that a handful of our domains are being used for
amplification attacks and we would like to reduce outgoing (DNS
response) packet size.
One solution is to reduce the additional sections in the response for
these handful zones and I would like to know if there is any way to
add something similar to "additional-from-auth no" per zone basis and
achieve what I want.
Well, the bind ARM contains all valid per-zone options. If you look at
it, you'll see there are no per-zone options to control response
content. So no, sorry, you can't do this. You'll need to do it globally,
or use RRL patches (or both).
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
