Thanks for all. But the strange thing is that if the request comes on 53 port then it should go only from 53 is it?? Why goes out from 0, any clue would be highly appreciate.
Regards Ejaz -----Original Message----- From: Tony Finch [mailto:d...@dotat.at] Sent: Tuesday, July 26, 2016 4:12 PM To: S Carr <sjc...@gmail.com> Cc: Ejaz <me...@cyberia.net.sa>; bind-users <bind-users@lists.isc.org> Subject: Re: outgoing-traffic S Carr <sjc...@gmail.com> wrote: > > You might want to check whether the requests are legitimate before > completely blocking them, rate limiting would be a better option. Remember this is TCP traffic. RRL is designed to deal with spoofed UDP traffic. It can actually make non-spoofed floods worse, because RRL pushes UDP traffic to TCP, and TCP is very easy to saturate. You might find it helps to avoid truncated responses, e.g. by turning on the minimal-responses option. (See also minimal-any in BIND 9.11) Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode Southeast Iceland: Northerly or northwesterly 5 to 7, occasionally gale 8 until later in north. Moderate or rough. Occasional rain, fog patches. Moderate or good, occasionally very poor. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
