How to suppress ADDITIONAL SECTION per zone
blrmaani
blrmaani at gmail.com
Mon Jul 1 11:02:45 UTC 2013
We are noticing that a handful of our domains are being used for amplification attacks and we would like to reduce outgoing (DNS response) packet size.
One solution is to reduce the additional sections in the response for these handful zones and I would like to know if there is any way to add something similar to "additional-from-auth no" per zone basis and achieve what I want.
On Monday, June 24, 2013 1:13:24 AM UTC-7, Steven Carr wrote:
> On 24 June 2013 08:14, Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
>
> > You still have not answered my question, so I repeat it:
>
> >
>
> >>> > What is the point of your question?
>
> >
>
>
>
> I think what Matus wants to know is your reasoning/problem/issue about
>
> not returning records from the cache for those zones?
>
>
>
> The answer is no you can't restrict it to zones only to global or a
>
> view, but if you can give us some more information on what/why then we
>
> may be able to help come up with some other solution that would help.
>
>
>
> Steve
More information about the bind-users
mailing list