disabling "Any" requests
sthaug at nethelp.no
sthaug at nethelp.no
Thu Jul 12 15:48:12 UTC 2012
> > Personally I don't know why "dig -t any" would be a problem. It's
> > not exactly the same as doing an axfr transfer of the zone - it still
> > only gets limited information.
>
> They're the current query type du jour for DDoS amplification attacks,
> which I assume the OP is experiencing.
The attackers have already diversified. TXT queries work just as well,
e.g. against wroe.com. Blocking ANY queries is going to a rather short
term "fix".
Steinar Haug, Nethelp consulting, sthaug at nethelp.no
More information about the bind-users
mailing list