disabling "Any" requests
p.mayers at imperial.ac.uk
Thu Jul 12 14:47:31 UTC 2012
On 12/07/12 15:16, Lightner, Jeff wrote:
> Personally I don't know why "dig -t any" would be a problem. It's
> not exactly the same as doing an axfr transfer of the zone - it still
> only gets limited information.

They're the current query type du jour for DDoS amplification attacks,
which I assume the OP is experiencing.

Personally I feel it's a mistake to focus on the query type; as others
have pointed out, DNSSEC-signed TXT/SPF records are large, and
plentiful. Best just focus on query rate.