On 8/2/22 17:30, Nathan Ollerenshaw via bind-users wrote:
> On 8/2/22 1:02 PM, Robert Moskowitz wrote:
>> Recently I have been having problems with my server not responding to my requests.  I thought it was all sorts of issues, but I finally looked at the logs and:
>
> You're being used as an unwilling participant in a DNS amplification attack.
>
> Reconfigure your server to not be a public recursive DNS server. Only respond to requests for your zones.
>
> If you are also providing caching DNS for clients, use views to only allow those clients to use the server for recursive lookups.


My clients use my internal view.  My external view has:

    match-clients        { any; };
    match-destinations    { any; };
    allow-query        { any; };
    allow-query-cache    { localhost; };
    recursion no;

I am way behind the times, as I really have not made any significant changes to my config for a couple years.  Things have been stable.

And I am running CentOS7-arm which only has 9.11.4...

BTW, I am in the market for an 'affordable' DNS box to run here and get out of the business of maintaining my own software.  I am approaching 72, and not something I want to do anymore.  And I have not seen a service provider that would let me really config my own zone files...

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
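
Added example, not part of the original thread and not either poster's configuration: a named.conf layout for the split described above, where recursion is available only to an internal view and the external view answers only for its own zones. The ACL name, the address range (a documentation range), the zone name and the file paths are assumptions.

```conf
// Constructed example: the names, networks and paths below are placeholders.
acl internal-clients {
    localhost;
    192.0.2.0/24;                 // assumed internal LAN (documentation range)
};

options {
    directory "/var/named";       // assumed working directory
    // Deny by default; a view has to opt in explicitly.
    recursion no;
    allow-recursion   { none; };
    allow-query-cache { none; };
};

// Views are tried in order and the first match wins, so the
// restricted view must come before the catch-all one.
view "internal" {
    match-clients     { internal-clients; };
    recursion yes;
    allow-recursion   { internal-clients; };
    allow-query-cache { internal-clients; };

    zone "example.com" {
        type master;
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients     { any; };
    recursion no;                 // authoritative answers only
    allow-query       { any; };   // anyone may ask about zones served here
    allow-query-cache { none; };  // nothing from the cache for outside clients

    zone "example.com" {
        type master;
        file "external/example.com.zone";
    };
};
```

Once any view is defined, every zone statement has to sit inside a view; `named-checkconf` reports a stray one before the server is reloaded.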
