[110863] in North American Network Operators' Group
Re: DNS Amplification attack?
daemon@ATHENA.MIT.EDU (Chris Adams)
Tue Jan 20 22:17:55 2009
Date: Tue, 20 Jan 2009 21:17:50 -0600
From: Chris Adams <cmadams@hiwaay.net>
To: nanog@nanog.org
Mail-Followup-To: Chris Adams <cmadams@hiwaay.net>, nanog@nanog.org
In-Reply-To: <20090121140825.xwdzd4p64kgwo4go@web1.nswh.com.au>
Errors-To: nanog-bounces@nanog.org
Once upon a time, jay@miscreant.org <jay@miscreant.org> said:
> I've also noticed that on a server running BIND 9.3.4-P1 with
> recursion disabled, they still appear to be getting the list of
> root NS's from cache, which is a 272-byte response to a 61-byte
> request, which by my definition is an amplification.
Add "additional-from-cache no;" to the options{} section of your
named.conf.
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
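As an added illustration of the change Chris suggests (this fragment is not part of either poster's message and is not taken from the BIND project's own documentation), here is an authoritative-only options{} section as it would look before and after adding the directive. The directory path, the zone name and the "before" values are made-up placeholders; the REFUSED behaviour in the comments is what BIND documents for a non-recursive server with additional-from-cache turned off.

```conf
// --- before: recursion is off, but the cache is still used for additional data ---
options {
    directory "/var/named";          // placeholder
    recursion no;                    // no recursion for anyone
    // additional-from-cache defaults to yes. A non-recursive query for "." NS,
    // or for any name outside the zones served here, is answered with the
    // cached root NS set and its glue: the 272-byte answer to a 61-byte
    // query described in the thread.
};

// --- after: cache never contributes to answers or referrals ---
options {
    directory "/var/named";          // placeholder
    recursion no;
    additional-from-cache no;        // answer only from configured zone data;
                                     // out-of-zone queries now get a short REFUSED
                                     // instead of a root referral
    additional-from-auth no;         // optional: no additional section from own zones either
    minimal-responses yes;           // optional: trim authority/additional in answers
};

zone "example.com" {                 // placeholder zone the server is authoritative for
    type master;
    file "example.com.zone";
};
```

To confirm the effect after a reload, query the server (placeholder address 192.0.2.53) for the root NS set without the recursion flag, `dig @192.0.2.53 . NS +norecurse`, and compare the MSG SIZE reported by dig before and after the change; queries for the served zone must still answer normally.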