DNS Amplification Attack and different results in bind 9.6/9.7
bortzmeyer at nic.fr
Mon Nov 14 21:01:31 UTC 2011
On Tue, Nov 15, 2011 at 03:51:52AM +0900,
Euiho Kim <leokim111 at gmail.com> wrote
a message of 215 lines which said:
> In bind-9.6 installed server, response query rcvd msg size is 600~700 byte,
> But bind-9.7, response rcvd msg size is 3100~3400 byte(large size), It
> includes lots of DNSSEC RRSet.
I vaguely remember that the default config for DNSSEC changed from
"dnssec-enable no" to "dnssec-enable yes". This may be the reason. Try
to change this variable explicitely.
More information about the bind-users