How to suppress ADDITIONAL SECTION per zone
p.mayers at imperial.ac.uk
Mon Jul 1 11:57:01 UTC 2013
On 01/07/13 12:02, blrmaani wrote:
> We are noticing that a handful of our domains are being used for
> amplification attacks and we would like to reduce outgoing (DNS
> response) packet size.
> One solution is to reduce the additional sections in the response for
> this handful of zones and I would like to know if there is any way to
> add something similar to "additional-from-auth no" on a per-zone basis
> and achieve what I want.
Well, the BIND ARM contains all valid per-zone options. If you look at
it, you'll see there are no per-zone options to control response
content. So no, sorry, you can't do this. You'll need to do it globally,
or use RRL patches (or both).
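
A sketch of the global approach described in the reply above, as an added example that is not part of the original thread. The `minimal-responses` and `additional-from-cache` lines and all rate-limit numbers are additions chosen for illustration, and the `rate-limit` clause assumes a named build that includes RRL.

```conf
// named.conf fragment (added example; numeric values are constructed)
options {
    // The additional-from-* options are meant for authoritative-only
    // servers: set to "no" without "recursion no", named ignores them
    // and logs a warning.
    recursion no;

    // Do not fill the additional section with data from other
    // authoritative zones or from the cache. This applies to every
    // zone served; it cannot be set inside a zone statement.
    additional-from-auth no;
    additional-from-cache no;

    // Add authority and additional records only when they are
    // required (delegations, negative responses), which shrinks
    // ordinary positive answers.
    minimal-responses yes;

    // Response Rate Limiting. A build without RRL rejects this clause.
    rate-limit {
        responses-per-second 5;  // identical responses per client netblock
        window 5;                // seconds over which the rate is averaged
        slip 2;                  // every 2nd dropped reply is sent truncated,
                                 // so real clients can retry over TCP
    };
};
```

Run `named-checkconf` on the file before reloading to confirm the installed named accepts every option used here.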