DNS security, amplification attacks and recursion
Brett Delmage
Brett at BrettDelmage.ca
Tue Jul 7 18:21:13 UTC 2020
On Tue, 7 Jul 2020, Tony Finch wrote:
> Reduce the size of responses to ANY queries, which are a favourite tool of
> amplification attacks. There's basically no downside to this one, in my
> opinion, but I'm biased because I implemented it.
>
> minimal-any yes;
Why only reduce and not eliminate?
Can ANY responses be disabled completely with an option?
This article at cloudflare
https://blog.cloudflare.com/deprecating-dns-any-meta-query-type/
states that they have deprecated it because it wasn't being used. They
should know! This was posted over 5 years ago, in 2015.
Brett
More information about the bind-users
mailing list