DNS Amplification Attack and different results in bind 9.6/9.7

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Nov 14 21:01:31 UTC 2011

On Tue, Nov 15, 2011 at 03:51:52AM +0900,
 Euiho Kim <leokim111 at gmail.com> wrote 
 a message of 215 lines which said:

> In bind-9.6 installed server, response query rcvd msg size is 600~700 bytes,
> but in bind-9.7, response rcvd msg size is 3100~3400 bytes (large size). It
> includes lots of DNSSEC RRSets.

I vaguely remember that the default config for DNSSEC changed from
"dnssec-enable no" to "dnssec-enable yes". This may be the reason. Try
to change this variable explicitly.
