On 01.12.20 at 17:15, Karl Pielorz wrote:
> --On 1 December 2020 at 08:24:50 -0600 Lyle Giese <l...@lcrcomputer.net> wrote:
>> You need to look at the reply named sends when it trips and starts
>> limiting UDP traffic sourced from a given IP address. It tells the
>> requestor to try again using TCP instead of UDP.
>> So if the requestor is a legit DNS server, it will retry using TCP and
>> still get a valid answer.
>> Named does not blindly just drop traffic.
> Hmmm, I thought it did for RRL limit hits? (i.e. that's the point - to
> stop sending responses)
Irrelevant in the context of TCP, where a forged source with the IP of the
victim doesn't survive a handshake.

The point of DNS amplification over UDP is that the response to ANY
queries is dramatically larger than the inbound packet and no handshake
is needed.
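The behaviour the thread describes (RRL does not silently drop every over-limit reply; a fraction are sent back truncated so a real resolver retries over TCP, while a spoofed source gains nothing from a TC=1 reply it never sees) can be illustrated with a small simulation. This is an added example, not code from the bind-users thread or from ISC's named: the limiter settings, the one-second bucket, the source IPs and the query are constructed for the illustration, and the slip logic is a simplified model, not BIND's actual implementation.

```python
import struct
from collections import defaultdict

# Assumed limiter settings for this illustration only; BIND's real option
# names and defaults are not taken from the thread.
RESPONSES_PER_SECOND = 5
SLIP = 2                      # every 2nd over-limit answer is a truncated reply

QTYPE_ANY = 255
FLAG_QR = 0x8000              # header bit: this message is a response
FLAG_TC = 0x0200              # header bit: truncated, i.e. "retry over TCP"
FLAG_RD = 0x0100              # header bit: recursion desired


class RateLimiter:
    """Per-source-IP response rate limiter with slip, modelled on RRL."""

    def __init__(self, rps=RESPONSES_PER_SECOND, slip=SLIP):
        self.rps = rps
        self.slip = slip
        self.state = defaultdict(lambda: {"window": None, "count": 0, "over": 0})

    def decide(self, src_ip, now):
        """Return 'send', 'slip' (send a TC=1 reply) or 'drop' for one query."""
        s = self.state[src_ip]
        window = int(now)                  # one-second buckets (simplification)
        if s["window"] != window:
            s["window"], s["count"], s["over"] = window, 0, 0
        s["count"] += 1
        if s["count"] <= self.rps:
            return "send"
        s["over"] += 1
        if self.slip and s["over"] % self.slip == 0:
            return "slip"
        return "drop"


def build_query(qid, name, qtype=QTYPE_ANY):
    """Constructed DNS query: 12-byte header plus one question (class IN)."""
    header = struct.pack("!HHHHHH", qid, FLAG_RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def truncated_response(query):
    """Slipped reply: same ID and question, QR=1 and TC=1, no answer records.
    It is about as small as the query, so it amplifies nothing."""
    qid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", query[:12])
    new_flags = FLAG_QR | FLAG_TC | (flags & FLAG_RD)
    return struct.pack("!HHHHHH", qid, new_flags, qdcount, 0, 0, 0) + query[12:]


def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & FLAG_TC)


def resolver_action(msg):
    """What a well-behaved resolver does with a reply: TC=1 means retry over TCP,
    which a forged-source sender cannot complete because it never sees the SYN-ACK."""
    return "retry_over_tcp" if is_truncated(msg) else "accept"


def simulate_burst(limiter, src_ip, n, now):
    """Run n queries from one source within one second and count the outcomes."""
    counts = {"send": 0, "slip": 0, "drop": 0}
    for _ in range(n):
        counts[limiter.decide(src_ip, now)] += 1
    return counts


if __name__ == "__main__":
    rl = RateLimiter(rps=3, slip=2)
    print(simulate_burst(rl, "203.0.113.5", 7, 1000.0))   # constructed source IP
    q = build_query(0x1234, "example.com")
    r = truncated_response(q)
    print(len(q), len(r), resolver_action(r))
```

With the constructed burst of seven ANY queries from one address and a limit of three, the first three are answered normally, and of the four over-limit queries two are dropped and two get a truncated reply; a legitimate resolver behind that address still obtains its answer by retrying over TCP, while the truncated reply is no larger than the query and so gives a reflection attack nothing to amplify.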
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users