31 march and root servers

2012-03-30 Thread Ivo
th IP matching any of the root server IP and source port :53 on DNS cache servers, so we will avoid loading root servers with this spoofed reply. I hope this does not drop legitimate traffic so let me know if this is a bad idea. :) best regards,

Re: Bind vs flood

2014-02-27 Thread Ivo
ck most active open resolvers and coordinate with local CERT. It would be nice to have some kind of rate limits for query volume of different hosts inside a single zone.
Best regards,
Ivo
On 2/27/14 7:59 AM, Dmitry Rybin wrote:
> Over 2 weeks ago begins flood. A lot of queries:
>
> niqcs.

Re: Bind vs flood

2014-02-27 Thread Ivo
Ben,
No, our server is not an open resolver, we have a large user community and the problem is that users install their own wifi box like Zyxel or similar which may have open resolver by default.
Ivo
On 2/27/14 5:18 PM, Ben Croswell wrote:
>
> I guess I am missing why anyone on the in

Re: Bind vs flood

2014-02-28 Thread Ivo
RPZ cannot rewrite servfail, it is designed to replace a valid response.
On 2/28/14 11:42 AM, Jason Brown wrote:
>
> Isn't this where RPZ comes in? Using RPZ means it is quicker and
> easier to null amplification, also easier to remove if you do all this
> with nsupdate, you can also create a webp

dnssec-signzone: fatal: cannot sign zone with non-private dnskey

2011-03-22 Thread Ivo
Has anyone else had a similar problem with the signing tool? Thanks, Ivo