disabling "Any" requests

sthaug at nethelp.no sthaug at nethelp.no
Thu Jul 12 15:48:12 UTC 2012

> > Personally I don't know why "dig -t any" would be a problem.   It's
> > not exactly the same as doing an axfr transfer of the zone - it still
> > only gets limited information.
> They're the current query type du jour for DDoS amplification attacks, 
> which I assume the OP is experiencing.

The attackers have already diversified. TXT queries work just as well,
e.g. against wroe.com. Blocking ANY queries is going to a rather short
term "fix".

Steinar Haug, Nethelp consulting, sthaug at nethelp.no

More information about the bind-users mailing list