How to suppress ADDITIONAL SECTION per zone

Phil Mayers p.mayers at
Mon Jul 1 11:57:01 UTC 2013

On 01/07/13 12:02, blrmaani wrote:
> We are noticing that a handful of our domains are being used for
> amplification attacks and we would like to reduce outgoing (DNS
> response) packet size.
> One solution is to reduce the additional sections in the response for
> these handful zones and I would like to know if there is any way to
> add something similar to "additional-from-auth no" per zone basis and
> achieve what I want.

Well, the bind ARM contains all valid per-zone options. If you look at 
it, you'll see there are no per-zone options to control response 
content. So no, sorry, you can't do this. You'll need to do it globally, 
or use RRL patches (or both).

More information about the bind-users mailing list