How to suppress ADDITIONAL SECTION per zone
Steven Carr
sjcarr at gmail.com
Mon Jul 1 11:13:14 UTC 2013
If these are authoritative DNS servers then just enable
minimal-responses, so clients will only ever get the records that they
requested.
Steve
On 1 July 2013 12:02, blrmaani <blrmaani at gmail.com> wrote:
> We are noticing that a handful of our domains are being used for amplification attacks and we would like to reduce outgoing (DNS response) packet size.
>
> One solution is to reduce the additional sections in the response for these handful zones and I would like to know if there is any way to add something similar to "additional-from-auth no" per zone basis and achieve what I want.
>
>
> On Monday, June 24, 2013 1:13:24 AM UTC-7, Steven Carr wrote:
>> On 24 June 2013 08:14, Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
>>
>> > You still have not answered my question, so I repeat it:
>>
>> >
>>
>> >>> > What is the point of your question?
>>
>> >
>>
>>
>>
>> I think what Matus wants to know is your reasoning/problem/issue about
>>
>> not returning records from the cache for those zones?
>>
>>
>>
>> The answer is no you can't restrict it to zones only to global or a
>>
>> view, but if you can give us some more information on what/why then we
>>
>> may be able to help come up with some other solution that would help.
>>
>>
>>
>> Steve
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list