> On 13 Apr 2021, at 11:31, Julien Salort <lis...@salort.eu> wrote:
>
> Is there really a usefulness to reply with code 5, instead of silently
> ignoring the request?
Yes, we do it.
imagine a customer who uses to connect from different locations (hence
different ISPs) and for whatever
reason keeps a static list of resolvers in resolv.conf.
If the customer queries your DNS servers from a non authorized location and
they ignore the request you
will force the resolver to time out. If, however, the query is refused, the
resolver will send it to the next
server in the list.
Being short messages means they are useless for a DDoS. Anyway we keep an eye
on it.
Borja.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
