disabling "Any" requests
Phil Mayers
p.mayers at imperial.ac.uk
Thu Jul 12 14:47:31 UTC 2012

On 12/07/12 15:16, Lightner, Jeff wrote:
> Personally I don't know why "dig -t any" would be a problem.   It's
> not exactly the same as doing an axfr transfer of the zone - it still
> only gets limited information.

They're the current query type du jour for DDoS amplification attacks, 
which I assume the OP is experiencing.

Personally I feel it's a mistake to focus on the query type; as others 
have pointed out, DNSSEC-signed TXT/SPF records are large, and 
plentiful. Best just focus on query rate.
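
The contrast between filtering on query type and watching query rate, as an added example that is not part of the original post: it counts queries per client per second over log lines and compares the result with a simple "who sent ANY" filter. The log lines are constructed in the style of a BIND query log, and the threshold of 20 queries per second and all addresses are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Matches lines in the style of a BIND query log; the samples below are constructed.
LINE = re.compile(r"^(\S+ \d\d:\d\d:\d\d)\.\d+ client ([0-9a-fA-F.:]+)#\d+: "
                  r"query: \S+ IN (\S+)")

def sample_log():
    """Constructed traffic: two floods, one lone ANY lookup, one normal client."""
    def line(sec, ms, ip, qtype):
        return (f"12-Jul-2012 14:40:{sec:02d}.{ms:03d} client {ip}#40000: "
                f"query: example.com IN {qtype} +E (203.0.113.5)")
    log = [line(1, i, "192.0.2.10", "ANY") for i in range(30)]   # ANY flood
    log += [line(1, i, "192.0.2.20", "TXT") for i in range(30)]  # TXT flood
    log.append(line(2, 0, "198.51.100.7", "ANY"))  # a single "dig -t any"
    log += [line(s, 0, "198.51.100.8", "A") for s in (1, 2, 3)]  # ordinary client
    return log

def parse(lines):
    """Return (second, client_ip, qtype) for every line that matches."""
    return [m.groups() for m in map(LINE.match, lines) if m]

def over_rate(records, limit):
    """Clients exceeding `limit` queries in any one-second bucket, any qtype."""
    per_second = Counter((sec, ip) for sec, ip, _ in records)
    return {ip for (_, ip), n in per_second.items() if n > limit}

def sent_qtype(records, qtype):
    """Clients that sent at least one query of the given type."""
    return {ip for _, ip, t in records if t == qtype}

if __name__ == "__main__":
    recs = parse(sample_log())
    print("flagged by rate:", sorted(over_rate(recs, limit=20)))
    print("flagged by ANY :", sorted(sent_qtype(recs, "ANY")))
```

On this sample the rate check flags both flooding sources, including the TXT one, while the type filter misses the TXT flood and flags the single legitimate ANY lookup.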
    
    
More information about the bind-users
mailing list