On 12.01.2016 18:16, Tony Finch wrote: > Tomas Hozza <tho...@redhat.com> wrote: >> >> Recently I was trying to find a mechanism in BIND that could prevent the >> server from processing a recursive query for non-existing domains. > > Have a look at https://www.isc.org/blogs/tldr-resolver-ddos-mitigation/ > >> I was thinking about using RPZ with QNAME policy trigger, but this >> applies only to the responses to queries and still makes the server to >> try to resolve it. > > RPZ has a "qname-wait-recurse no" option.
This is exactly the thing I was looking for. Thank you very much! Tomas > Tony. > _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
