On 2012-07-10, Matthew Dempsky <matt...@dempsky.org> wrote:
> On Tue, Jul 10, 2012 at 12:34 PM, Peter J. Philipp <p...@centroid.eu> wrote:
>> I did this rather fast hoping to get it in for someone I know who is being
>> used for a DNS amplifier attack but the final tests broke the hope of
>> stopping it with this.
>
> Tangential, but setting "max-udp-size 512" in BIND will limit how
> attractive your DNS server is for DNS amplification attacks.

Also tangential, but a lot of the current round of DNS amplification attacks seem to be targeting insecure CPE routers rather than intentional DNS servers.