On 8/2/22 17:30, Nathan Ollerenshaw via bind-users wrote:
> On 8/2/22 1:02 PM, Robert Moskowitz wrote:
>> Recently I have been having problems with my server not responding to
>> my requests. I thought it was all sorts of issues, but I finally
>> looked at the logs and:
>
> You're being used as an unwilling participant in a DNS amplification
> attack.
>
> Reconfigure your server to not be a public recursive DNS server. Only
> respond to requests for your zones.
>
> If you are also providing caching DNS for clients, use views to only
> allow those clients to use the server for recursive lookups.

My clients use my internal view. My external view has:

    match-clients { any; };
    match-destinations { any; };
    allow-query { any; };
    allow-query-cache { localhost; };
    recursion no;

I am way behind the times, as I really have not made any significant
changes to my config for a couple years. Things have been stable.

And I am running CentOS7-arm which only has 9.11.4...

BTW, I am in the market for an 'affordable' DNS box to run here and get
out of the business of maintaining my own software. I am approaching
72, and not something I want to do anymore. And I have not seen a
service provider that would let me really config my own zone files...
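
One way to check from the logs that an external view configured with `recursion no;` and a restricted `allow-query-cache`, as in the message above, is refusing off-zone queries, and to see which names are being asked for. This is an added example, not part of the original thread; the log lines are constructed, and the line format is an assumption modelled on named's `query (cache) '...' denied` messages.

```python
import re
from collections import Counter

# Constructed sample lines (documentation address ranges), not from the thread.
SAMPLE_LOG = """\
02-Aug-2022 13:01:07.101 client 198.51.100.7#40211 (example.org): view external: query (cache) 'example.org/ANY/IN' denied
02-Aug-2022 13:01:07.102 client 198.51.100.7#1031 (example.org): view external: query (cache) 'example.org/ANY/IN' denied
02-Aug-2022 13:01:07.105 client @0x7f3c1c0a 198.51.100.7#5512 (example.org): view external: query (cache) 'example.org/ANY/IN' denied
02-Aug-2022 13:01:08.440 client 203.0.113.9#53124 (.): view external: query (cache) './NS/IN' denied
02-Aug-2022 13:01:09.000 client 192.0.2.10#33333 (www.example.net): view internal: query: www.example.net IN A + (192.0.2.1)
"""

# Assumed layout: optional "@0x..." client pointer, optional "view NAME:" prefix.
DENIED = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"(?:view (?P<view>\S+): )?"
    r"query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>[^/']+)/[^']+' denied"
)


def summarize(lines):
    """Count refused cache/recursive queries per (view, client, qname, qtype)."""
    counts = Counter()
    for line in lines:
        m = DENIED.search(line)
        if m:
            view = m["view"] or "_default"
            counts[(view, m["ip"], m["qname"], m["qtype"])] += 1
    return counts


def suspects(counts, threshold):
    """Return (key, count) pairs at or above threshold, busiest first.

    In a reflection attack the logged client address is normally forged,
    so it identifies the intended victim rather than the real sender.
    """
    hits = [(k, n) for k, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda kn: (-kn[1], kn[0]))


if __name__ == "__main__":
    for (view, ip, qname, qtype), n in suspects(summarize(SAMPLE_LOG.splitlines()), 2):
        print(f"{n:5d} refused  view={view} client={ip} {qname}/{qtype}")
```

Repeated refusals for the same off-zone name from one address show the external view is answering REFUSED rather than recursing.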