How to return REFUSED

Axel Rau Axel.Rau at chaos1.de
Thu May 6 18:15:58 UTC 2021



> Am 06.05.2021 um 18:41 schrieb Axel Rau <Axel.Rau at chaos1.de>:
> 
> This NS has some other clients in the DMZ LAN, so I need Views.


With 2 views ddos trace looks much better:

17:40:21.483188 186.149.116.55.80 > 91.216.35.171.53: [no udp cksum] 1+ RRSIG? pizzaseo.com.(30) (ttl 242, id 21165, len 58)
17:40:21.483470 91.216.35.171.53 > 186.149.116.55.80: [udp sum ok] 1 Refused- q: RRSIG? pizzaseo.com. 0/0/0(30) (DF) (ttl 64, id 0, len 58)

Hopefully, they give up in some days, if there is no amplification any more.

I have now 2 views. All zones are in the internal view.
The (only) external zones in external view use in-view to reference them in internal view.
axfr seems to work,, notify still to be tested.

If someone wants to play with the staging server please:

	dig ANY chaos1.de. @ns3.lrau.net.

Any feedback welcome,
Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210506/8e0400dc/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210506/8e0400dc/attachment.bin>


More information about the bind-users mailing list