On Wed, Jan 13, 2016 at 8:35 AM, Tomas Hozza <tho...@redhat.com> wrote: > On 12.01.2016 18:16, Tony Finch wrote: >> Tomas Hozza <tho...@redhat.com> wrote: >>> >>> Recently I was trying to find a mechanism in BIND that could prevent the >>> server from processing a recursive query for non-existing domains. >> >> Have a look at https://www.isc.org/blogs/tldr-resolver-ddos-mitigation/ >> >>> I was thinking about using RPZ with QNAME policy trigger, but this >>> applies only to the responses to queries and still makes the server to >>> try to resolve it. >> >> RPZ has a "qname-wait-recurse no" option. > > This is exactly the thing I was looking for. > > Thank you very much! >
Thanks from this end as well--I wasn't aware of this option, either. John _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
