How to return REFUSED

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu May 6 10:05:35 UTC 2021


On 05.05.21 21:09, Axel Rau wrote:
>	allow-query { any; };
>	allow-query-cache { recursive-users; };
>	allow-recursion { recursive-users; };
>
>How can I make sure that non-recursive-users get a REFUSED if the query is recursive?

I thought this is the default...

>PS: I want to minimize the responses to this amplification attack:
>19:05:18.703238 185.230.55.130.30120 > 91.216.35.71.53: [no udp cksum] 1+ RRSIG? pizzaseo.com.(30) (ttl 249, id 33043, len 58)
>19:05:18.703568 91.216.35.71.53 > 185.230.55.130.30120: [udp sum ok] 1- q: RRSIG? pizzaseo.com. 0/13/14 ns: com. NS j.gtld-servers.net., com. NS m.gtld-servers.net., com. NS c.gtld-servers.net., com. NS b.gtld-servers.net., com. NS d.gtld-servers.net., com. NS e.gtld-servers.net., com. NS l.gtld-servers.net., com. NS f.gtld-servers.net., com. NS h.gtld-servers.net., com. NS i.gtld-servers.net., com. NS a.gtld-servers.net., com. NS k.gtld-servers.net., com. NS g.gtld-servers.net. ar: m.gtld-servers.net. A 192.55.83.30, l.gtld-servers.net. A 192.41.162.30, k.gtld-servers.net. A 192.52.178.30, j.gtld-servers.net. A 192.48.79.30, i.gtld-servers.net. A 192.43.172.30, h.gtld-servers.net. A 192.54.112.30, g.gtld-servers.net. A 192.42.93.30, f.gtld-servers.net. A 192.35.51.30, e.gtld-servers.net. A 192.12.94.30, d.gtld-servers.net. A 192.31.80.30, c.gtld-servers.net. A 192.26.92.30, b.gtld-servers.net. A 192.33.14.30, a.gtld-servers.net. A 192.5.6.30, m.gtld-servers.net. AAAA 2001:501:b1f9::30(490) (ttl 63, id 11754, len 518)

... exactly because of this reason.

Which named version do you run?
Do you use views?

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
2B|!2B, that's a question!
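
An added example, not part of the original post or of BIND: a small Python script that pairs queries with responses in tcpdump output of the kind quoted above and computes the response/query size ratio, to check whether the server still sends large answerless replies or short REFUSED ones. The capture lines are constructed, the `Refused` line layout and the 2.0 threshold are assumptions, and only IPv4 lines are parsed.

```python
import re

# Constructed capture in the same tcpdump layout as the lines quoted above
# (documentation addresses; NS and glue lists shortened; Refused line assumed).
SAMPLE = """\
19:05:18.703238 198.51.100.7.30120 > 192.0.2.53.53: [no udp cksum] 1+ RRSIG? example.com.(29) (ttl 249, id 33043, len 57)
19:05:18.703568 192.0.2.53.53 > 198.51.100.7.30120: [udp sum ok] 1- q: RRSIG? example.com. 0/13/14 ns: com. NS a.gtld-servers.net. ar: a.gtld-servers.net. A 192.5.6.30(490) (ttl 63, id 11754, len 518)
19:05:19.100001 198.51.100.7.30121 > 192.0.2.53.53: [no udp cksum] 2+ RRSIG? example.com.(29) (ttl 249, id 33044, len 57)
19:05:19.100302 192.0.2.53.53 > 198.51.100.7.30121: [udp sum ok] 2 Refused- q: RRSIG? example.com. 0/0/0(29) (ttl 63, id 11755, len 57)
"""

# time src.port > dst.port: [checksum note] dns-id ...
HDR = re.compile(r"^\S+ (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
                 r"(?:\[[^\]]*\] )?(\d+)")
LEN = re.compile(r"len (\d+)\)\s*$")      # IP datagram length at end of line
COUNTS = re.compile(r" (\d+)/(\d+)/(\d+)")  # answer/authority/additional counts


def amplification(capture, server_port=53, threshold=2.0):
    """Return (client, dns_id, factor, flagged) for each query/response pair."""
    queries, results = {}, []
    for line in capture.splitlines():
        hdr, length = HDR.match(line), LEN.search(line)
        if not (hdr and length):
            continue
        src, sport, dst, dport, dns_id = hdr.groups()
        size = int(length.group(1))
        if int(dport) == server_port:       # client -> server: remember query size
            queries[(src, sport, dns_id)] = size
        elif int(sport) == server_port:     # server -> client: match to its query
            qsize = queries.pop((dst, dport, dns_id), None)
            counts = COUNTS.search(line)
            if qsize is None or counts is None:
                continue
            answers = int(counts.group(1))
            factor = round(size / qsize, 2)
            # An answerless reply much larger than the query is the
            # referral-style response shown in the quoted capture.
            flagged = answers == 0 and factor >= threshold
            results.append((dst, int(dns_id), factor, flagged))
    return results


if __name__ == "__main__":
    for row in amplification(SAMPLE):
        print(row)
```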

