1. Forum
  2. Usenet
  3. COMP.PROTOCOLS.DNS.BIND

  • issue of Amplification attack

    From Michael De Roover@21:1/5 to ShubhamGoyal on Sun Jul 12 12:48:56 2020
    There was a very interesting conversation about this last week. See https://www.mail-archive.com/bind-users@lists.isc.org/msg29187.html.

    On 7/12/20 6:23 AM, ShubhamGoyal wrote:
    Dear sir,
                             Thank you  for give me answer for my previous
    question,  Sir now we are suffer from amplification attack so is there
    any method in bind to stop DNS Amplification attack.
    I am thinking to stop or drop ANY type queries from our DNS Recursive resolver , so please tell me how can we drop or stop ANY type queries
    from bind.
    --
    Met vriendelijke groet / Best regards,
    Michael De Roover

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From kremels@kreme.com@21:1/5 to bind-users on Sun Jul 12 07:09:53 2020
    On 12 Jul 2020, at 06:28, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
    On 7/12/20 6:23 AM, ShubhamGoyal wrote:
    I am thinking to stop or drop ANY type queries from our DNS Recursive resolver , so please tell me how can we drop or stop ANY type queries from bind.

    Don't do this.

    On 12.07.20 12:48, Michael De Roover wrote:
    There was a very interesting conversation about this last week. See https://www.mail-archive.com/bind-users@lists.isc.org/msg29187.html.

    alternative link: https://lists.isc.org/pipermail/bind-users/2020-July/103389.html

    Specifically read this message before you decide you want to disable responses to ANY.

    <https://lists.isc.org/pipermail/bind-users/2020-July/103399.html>



    --
    "I can't see the point in the theatre. All that sex and violence. I
    get enough of that at home. Apart from the sex, of course." -
    Baldrick

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Matus UHLAR - fantomas@21:1/5 to Michael De Roover on Sun Jul 12 14:28:50 2020
    On 7/12/20 6:23 AM, ShubhamGoyal wrote:
                            Thank you  for give me answer for my
    previous question,  Sir now we are suffer from amplification attack
    so is there any method in bind to stop DNS Amplification attack.
    I am thinking to stop or drop ANY type queries from our DNS
    Recursive resolver , so please tell me how can we drop or stop ANY
    type queries from bind.

    On 12.07.20 12:48, Michael De Roover wrote:
    There was a very interesting conversation about this last week. See >https://www.mail-archive.com/bind-users@lists.isc.org/msg29187.html.

    alternative link: https://lists.isc.org/pipermail/bind-users/2020-July/103389.html

    I find it more readable.

    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    (R)etry, (A)bort, (C)ancer

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Reindl Harald@21:1/5 to All on Sun Jul 12 08:49:23 2020
    Am 12.07.20 um 06:23 schrieb ShubhamGoyal:
    Dear sir,
    Thank you  for give me answer for my previous
    question,  Sir now we are suffer from amplification attack so is there
    any method in bind to stop DNS Amplification attack.
    I am thinking to stop or drop ANY type queries from our DNS Recursive resolver , so please tell me how can we drop or stop ANY type queries
    from bind.

    there where a recent discussion you missed in the past few days, our
    config for years:

    options {
    .......
    minimal-responses yes;
    minimal-any yes;
    rate-limit
    {
    responses-per-second 10;
    window 5;
    };
    }

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)