disabling "Any" requests

Phil Mayers p.mayers at imperial.ac.uk
Thu Jul 12 15:51:19 UTC 2012


On 12/07/12 16:48, sthaug at nethelp.no wrote:
>>> Personally I don't know why "dig -t any" would be a problem.   It's
>>> not exactly the same as doing an axfr transfer of the zone - it still
>>> only gets limited information.
>>
>> They're the current query type du jour for DDoS amplification attacks,
>> which I assume the OP is experiencing.
>
> The attackers have already diversified. TXT queries work just as well,
> e.g. against wroe.com. Blocking ANY queries is going to a rather short
> term "fix".

Not unexpected. They are, sadly, not idiots, and are probably reading 
the same mailing lists we are.



More information about the bind-users mailing list