New type of DDoS? Anyone saw it?
marka at isc.org
Mon May 16 20:40:22 UTC 2016
In message <e7f58592-1570-494f-a530-97e54b8c04cf at rrcic.com>, "John W. Blue" writes:
> Hello Marek,
> Do you have an IPv6 assignment? If not, there is really no need to even
> be resolving AAAA records. An overly simplistic description of a
> potential solution could be to just drop the incoming AAAA request via
> its hex value in much the same way rate limiting is done for the "any"
> -hex-string '|0000FF0001|'
> I don't know off hand what the hex value for AAAA is but it should not be
> too hard to find.
Just dropping AAAA queries is a bad idea as most machines actually
have a AAAA addresses (loopback and linklocal) so just about every
application makes AAAA queries. If you drop AAAA queries you slow
up every address lookup in your network.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users