DNS security, amplification attacks and recursion

Brett Delmage Brett at BrettDelmage.ca
Tue Jul 7 18:21:13 UTC 2020

On Tue, 7 Jul 2020, Tony Finch wrote:

> Reduce the size of responses to ANY queries, which are a favourite tool of
> amplification attacks. There's basically no downside to this one, in my
> opinion, but I'm biased because I implemented it.
> 	minimal-any yes;

Why only reduce and not eliminate?

Can ANY responses be disabled completely with an option?

This article at cloudflare
states that they have deprecated it because it wasn't being used. They 
should know! This was posted over 5 years ago, in 2015.


More information about the bind-users mailing list