Ejaz mejaz at cyberia.net.sa
Wed Jul 27 07:41:17 UTC 2016

Thanks for all. 

But the strange thing is that if the request comes in on port 53 then it should
go out only from 53, shouldn't it? Why does it go out from 0? Any clue would be highly


-----Original Message-----
From: Tony Finch [mailto:dot at dotat.at] 
Sent: Tuesday, July 26, 2016 4:12 PM
To: S Carr <sjcarr at gmail.com>
Cc: Ejaz <mejaz at cyberia.net.sa>; bind-users <bind-users at lists.isc.org>
Subject: Re: outgoing-traffic

S Carr <sjcarr at gmail.com> wrote:
> You might want to check whether the requests are legitimate before 
> completely blocking them, rate limiting would be a better option.

Remember this is TCP traffic.

RRL is designed to deal with spoofed UDP traffic. It can actually make
non-spoofed floods worse, because RRL pushes UDP traffic to TCP, and TCP is
very easy to saturate.

You might find it helps to avoid truncated responses, e.g. by turning on the
minimal-responses option. (See also minimal-any in BIND 9.11)

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Southeast Iceland: Northerly or northwesterly 5 to 7, occasionally gale 8
until later in north. Moderate or rough. Occasional rain, fog patches.
Moderate or good, occasionally very poor.
