Bind dns amplification attack

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Mar 28 16:48:29 UTC 2023


>On 3/28/23 6:30 AM, Matus UHLAR - fantomas wrote:
>>Great, this means that only clients with those IP addresses can 
>>query your server for non-local information.

On 28.03.23 10:16, Grant Taylor via bind-users wrote:
>I used to think the same thing.
>
>Then I learned that I needed to also add similar configuration for 
>`allow-query {...};` and `allow-query-cache {...};`

allow-query-cache defaults to content of allow-recursion if only the latter 
is defined.

allow-query is safe to configure if nobody is supposed to query your server 
from outside - e.g.  your server does not provide authoritative zones for 
use from internet.

If your server has authoritative zones for internal use, yes, in such a case 
allow-query is a good idea.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.
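
The three ACLs discussed in this thread, laid out in one `named.conf` fragment. This is an added example, not part of the original message or anyone's real configuration; the ACL name `trusted`, the zone names, the file names and the address range are constructed placeholders.

```conf
// Constructed example: ACL name, zones, files and addresses are placeholders.
acl "trusted" {
    localhost;
    localnets;
    192.0.2.0/24;        // documentation range standing in for internal clients
};

options {
    recursion yes;

    // Who may ask the server to resolve names it is not authoritative for.
    allow-recursion { "trusted"; };

    // Who may receive answers from the cache. When this statement is omitted
    // and allow-recursion is set, BIND uses the allow-recursion list here,
    // so this line only makes the inherited value explicit.
    allow-query-cache { "trusted"; };

    // Who may query the server at all. The built-in default is "any".
    // Restricting it fits a server that serves no zones to the internet.
    allow-query { "trusted"; };
};

// Authoritative zone for internal use: inherits the restricted allow-query.
zone "corp.example" {
    type primary;
    file "corp.example.db";
};

// A zone that must answer the internet overrides allow-query for itself only;
// recursion and cache access stay limited to "trusted".
zone "example.org" {
    type primary;
    file "example.org.db";
    allow-query { any; };
};
```

Running `named-checkconf` against the file catches syntax errors before the server is reloaded.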

