nanog mailing list archives

Re: DNS Amplification attack?


From: Chris Adams <cmadams () hiwaay net>
Date: Wed, 21 Jan 2009 13:27:11 -0600

Once upon a time, Crist Clark <Crist.Clark () globalstar com> said:
> Another BIND-specific question since we're on the topic. I see
> some of our authoritative servers being hit with these spoofs, and
> yes, the 9.3.5-P1 (that's what Sun supports in Solaris these
> days) were sending back answers from the cache... but wait...
> what cache?
>
> The view the Internet gets only has our authoritative zones. There
> is no declaration for the root zone, master, slave, or hints.
> How does BIND have the root cached in that view? Where did it
> get it from? I guess it's hard coded somewhere?

BIND has had the hints compiled in for some time as a fall-back, but for
an auth-only server, "additional-from-cache no;" will kill such
responses.
-- 
Chris Adams <cmadams () hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
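An added illustration of the configuration being discussed (it is not from this thread, nor from ISC's BIND documentation): a split-view named.conf in which the Internet-facing view carries only authoritative zones, as Crist describes, with the option Chris names added so that compiled-in root hints are never used to fill in responses. The ACL name, network, zone names and file names are placeholders.

```conf
// Added example, not from the thread. Names, addresses and files are placeholders.
acl internal { 192.0.2.0/24; };

// Internal view: recursion for our own clients only, with an explicit hints zone.
view "internal" {
    match-clients { internal; };
    recursion yes;
    zone "." { type hint; file "named.root"; };
    zone "example.net" { type master; file "db.example.net"; };
};

// External view: authoritative only. No root zone is declared here, yet BIND
// still carries root hints compiled in as a fall-back. Without the
// additional-from-cache setting it can answer from that data, which is the
// "answers from a cache that does not exist" behaviour seen in the thread.
view "external" {
    match-clients { any; };
    recursion no;
    additional-from-cache no;   // never complete answers from cached/hint data
    additional-from-auth yes;   // still add glue from the zones we serve
    zone "example.net" { type master; file "db.example.net"; };
};
```

`recursion no;` alone does not stop the responses Crist saw, since those come from the built-in hints rather than from recursion; `additional-from-cache no;` is the setting that suppresses them. After reloading, a useful check is to query the external address for the root NS set and confirm that the server no longer returns a referral built from the hints.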

