disabling "Any" requests
p.mayers at imperial.ac.uk
Thu Jul 12 15:51:19 UTC 2012
On 12/07/12 16:48, sthaug at nethelp.no wrote:
>>> Personally I don't know why "dig -t any" would be a problem. It's
>>> not exactly the same as doing an axfr transfer of the zone - it still
>>> only gets limited information.
>> They're the current query type du jour for DDoS amplification attacks,
>> which I assume the OP is experiencing.
> The attackers have already diversified. TXT queries work just as well,
> e.g. against wroe.com. Blocking ANY queries is going to a rather short
> term "fix".
Not unexpected. They are, sadly, not idiots, and are probably reading
the same mailing lists we are.
More information about the bind-users