On Tue, Jul 10, 2012 at 12:34 PM, Peter J. Philipp <p...@centroid.eu> wrote: > I did this rather fast hoping to get it in for someone I know who is being > used for a DNS amplifier attack but the final tests broke the hope of > stopping it with this.
Tangential, but setting "max-udp-size 512" in BIND will limit how attractive your DNS server is for DNS amplification attacks.
