How to return REFUSED
Axel Rau
Axel.Rau at chaos1.de
Thu May 6 18:15:58 UTC 2021
> Am 06.05.2021 um 18:41 schrieb Axel Rau <Axel.Rau at chaos1.de>:
>
> This NS has some other clients in the DMZ LAN, so I need Views.
With 2 views ddos trace looks much better:
17:40:21.483188 186.149.116.55.80 > 91.216.35.171.53: [no udp cksum] 1+ RRSIG? pizzaseo.com.(30) (ttl 242, id 21165, len 58)
17:40:21.483470 91.216.35.171.53 > 186.149.116.55.80: [udp sum ok] 1 Refused- q: RRSIG? pizzaseo.com. 0/0/0(30) (DF) (ttl 64, id 0, len 58)
Hopefully, they give up in some days, if there is no amplification any more.
I have now 2 views. All zones are in the internal view.
The (only) external zones in external view use in-view to reference them in internal view.
axfr seems to work,, notify still to be tested.
If someone wants to play with the staging server please:
dig ANY chaos1.de. @ns3.lrau.net.
Any feedback welcome,
Axel
---
PGP-Key: CDE74120 ☀ computing @ chaos claudius
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210506/8e0400dc/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210506/8e0400dc/attachment.bin>
More information about the bind-users
mailing list