nanog mailing list archives

Re: DNS Amplification attack?


From: jay () miscreant org
Date: Wed, 21 Jan 2009 14:25:49 +1100

Quoting Chris Adams <cmadams () hiwaay net>:

Once upon a time, jay () miscreant org <jay () miscreant org> said:
I've also noticed that on a server running BIND 9.3.4-P1 with
recursion disabled, they still appear to be getting the list of
root NS's from cache, which is a 272-byte response to a 61-byte
request, which by my definition is an amplification.

Add "additional-from-cache no;" to the options{} section of your
named.conf.
--
Chris Adams <cmadams () hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.



Thanks for the response Chris.

I'm running higher versions of BIND, so don't see this behaviour. But I will pass it on to the ISP in question ;)
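The fix Chris describes, written out as a named.conf options{} fragment, is shown below as an added example; it is not configuration from the thread or from any of the participants. Directory, zone and file names are placeholders. The first options{} block shows the weak state (recursion off, but cached root NS data still handed out as additional data); the second is the hardened alternative. Only one options{} block belongs in a real named.conf.

```conf
// Added example, not from the thread. Paths and zone names are placeholders.

// WEAK: recursion is disabled, yet cached root-hint NS records are still
// appended as additional data to any query for ".", so a small query gets
// a large answer (the 61-byte request / 272-byte response from the thread).
options {
    directory "/var/named";
    recursion no;
};

// HARDENED: stop padding answers from cache, refuse cache lookups from
// outside, and keep responses to what the question actually asked for.
options {
    directory "/var/named";
    recursion no;
    additional-from-cache no;      // Chris's suggestion; BIND 9.3-era option
    allow-query-cache { none; };   // no cache answers at all from a non-recursive server
    minimal-responses yes;         // drop optional authority/additional records
};

// Authoritative zones answer as before; only non-authoritative padding goes away.
zone "example.com" {
    type master;
    file "example.com.zone";
};
```

To check the effect, query the server for the root NS set with `dig @<server> . NS +norecurse` before and after the change and compare the `MSG SIZE rcvd` line with the size of the query; the ratio of the two is the amplification factor an attacker would get from that server. Newer BIND releases also offer response rate limiting (the `rate-limit {}` options block, BIND 9.10 and later), which caps how many identical responses go to a given client network per second and is the usual complement to trimming response size.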
