Request for clarification on the functionality of BIND 9.18.37 /9.20.22
Kishore Karthikeyan A T
kishorekarthikeyan0612 at zohomail.in
Tue May 5 13:08:25 UTC 2026
Dear admin & devs,
I have been using bind for recursive resolving for quite few years, while recently noticed for experimentation while performing TCP dump and compared it for bind's working functionality, it's been noted that it tries to resolve from nearby peer recursive resolvers for queried domains which resulted in a flooding type of attack. It was simulated in a controlled environment setup to understand security of the software. So the actual help need is to find answer:
1. Do BIND identifies & uses peer resolvers for fast resolution instead of following the DNS hierarchical lookup? If no why this happened in my case even with proper rate limiting in place / If yes, how does it identifies peer resolver?
2. Is there any way to strictly say the bind to resolve hierarchically so that the TCP dump doesn't raise any anomaly, considering the fact that both of the mentioned versions exhibited this behaviour.
Thank you in Advance for helping out!!!
Sent using {0}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20260505/8917eeaa/attachment.htm>
More information about the bind-users
mailing list