Am 30.11.20 um 11:12 schrieb Marc Roos:
Are newer version of bind still logging like this Nov 30 10:10:02 ns0 named[1303]: rate-limit: info: limit responses to 3.9.41.0/24 Nov 30 10:10:02 ns0 named[1303]: rate-limit: info: limit responses to 35.177.154.0/24 Nov 30 10:10:02 ns2 named[1241]: rate-limit: info: limit responses to 35.177.154.0/24 Nov 30 10:10:02 ns2 named[1241]: rate-limit: info: limit responses to 3.9.41.0/24 I already reported, that it is not to smart to log 3.9.41.0/24, better could be logged 3.9.41.100/24 so you know the offending ip
there is nothing like an "offending ip" in case of dns-amplification which is usually what happens in context of RRL
it's the forged destination of the attack you see and nothing else _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
