[110865] in North American Network Operators' Group


Re: DNS Amplification attack?

daemon@ATHENA.MIT.EDU (jay@miscreant.org)
Tue Jan 20 22:25:54 2009

Date: Wed, 21 Jan 2009 14:25:49 +1100
From: jay@miscreant.org
To: nanog@nanog.org
In-Reply-To: <20090121031750.GC1540104@hiwaay.net>
Errors-To: nanog-bounces@nanog.org

Quoting Chris Adams <cmadams@hiwaay.net>:

> Once upon a time, jay@miscreant.org <jay@miscreant.org> said:
>> I've also noticed that on a server running BIND 9.3.4-P1 with
>> recursion disabled, they still appear to be getting the list of
>> root NS's from cache, which is a 272-byte response to a 61-byte
>> request, which by my definition is an amplification.
>
> Add "additional-from-cache no;" to the options{} section of your
> named.conf.
> --
> Chris Adams <cmadams@hiwaay.net>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.
>
>

Thanks for the response Chris.

I'm running higher versions of BIND, so don't see this behaviour. But
I will pass it on to the ISP in question ;)
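The measurement the thread is arguing about, as an added example (not code from the post or from ISC BIND): the amplification factor of a DNS exchange is response bytes divided by query bytes, and a server that answers "." NS from its cached root NS set (plus glue in the additional section) amplifies even with recursion disabled. The script below builds a 17-byte RD=0 query for the root NS set with the standard library only and compares two constructed responses: the cached root-NS answer with glue, and the minimal REFUSED reply (header plus echoed question) that a server returns once it declines to answer from cache, which is what `additional-from-cache no;` is meant to achieve. All function names are my own, the glue addresses are constructed from the RFC 5737 TEST-NET-1 range rather than the real root server IPs, and the encoder does not do name compression, so absolute sizes run larger than a real server's (such as the 272 bytes quoted above); the ratio between the two cases is the point.

```python
"""Measure the DNS amplification factor of a '. NS' exchange.

Added example for this NANOG thread; not code from the post or from BIND.
Stdlib only, no network: the "server responses" are constructed inline.
"""
import struct

QTYPE_NS, QTYPE_A = 2, 1
CLASS_IN = 1
RCODE_NOERROR, RCODE_REFUSED = 0, 5


def encode_name(name):
    """DNS wire-format name, uncompressed ('.' encodes as the single byte 0x00)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype, rd=False, txid=0x1234):
    """Header + one question. rd=False mirrors a query to a recursion-disabled server."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def build_rr(name, rtype, ttl, rdata):
    """One resource record: NAME TYPE CLASS TTL RDLENGTH RDATA."""
    return encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata


def build_response(query, rcode=RCODE_NOERROR, answer=(), authority=(), additional=()):
    """Response to `query`: QR set, RD copied from the query, RA clear (no recursion offered)."""
    txid, qflags = struct.unpack("!HH", query[:4])
    flags = 0x8000 | (qflags & 0x0100) | rcode
    header = struct.pack("!HHHHHH", txid, flags, 1, len(answer), len(authority), len(additional))
    return header + query[12:] + b"".join(answer) + b"".join(authority) + b"".join(additional)


def parse_header(pkt):
    """Decode the 12-byte DNS header into flags and section counts."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def amplification_factor(query, response):
    """Bytes returned per byte sent, at the DNS layer (IP/UDP headers excluded)."""
    return len(response) / len(query)


ROOT_SERVERS = ["%s.root-servers.net." % c for c in "abcdefghijklm"]
# Constructed glue addresses from RFC 5737 TEST-NET-1; NOT the real root server IPs.
GLUE = {n: "192.0.2.%d" % (i + 1) for i, n in enumerate(ROOT_SERVERS)}


def root_ns_from_cache(query):
    """Constructed sample: server answers '. NS' from its cached root NS set and fills
    the additional section with glue, the behaviour the thread complains about."""
    answer = [build_rr(".", QTYPE_NS, 518400, encode_name(n)) for n in ROOT_SERVERS]
    glue = [build_rr(n, QTYPE_A, 518400, bytes(int(o) for o in GLUE[n].split(".")))
            for n in ROOT_SERVERS]
    return build_response(query, answer=answer, additional=glue)


def refused(query):
    """Constructed sample: server declines to answer from cache, so only the header and
    the echoed question go back, with RCODE set to REFUSED."""
    return build_response(query, rcode=RCODE_REFUSED)


def compare(query):
    """Side-by-side sizes and amplification factors for the two server behaviours."""
    before, after = root_ns_from_cache(query), refused(query)
    return {"query_bytes": len(query),
            "cached_bytes": len(before),
            "cached_factor": amplification_factor(query, before),
            "cached_arcount": parse_header(before)["arcount"],
            "refused_bytes": len(after),
            "refused_factor": amplification_factor(query, after),
            "refused_rcode": parse_header(after)["rcode"]}


if __name__ == "__main__":
    q = build_query(".", QTYPE_NS, rd=False)
    for key, value in compare(q).items():
        print("%-16s %s" % (key, value))
```

Against a live server the same arithmetic applies to the sizes `dig @server . NS +norecurse` reports; the uncompressed cached sample here comes out at 862 bytes for a 17-byte query (a factor of about 50), while the REFUSED reply is the same 17 bytes as the query, a factor of 1.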


