Request for clarification on the functionality of BIND 9.18.37 /9.20.22
Crist Clark
cjc+bind-users at pumpky.net
Tue May 5 13:56:09 UTC 2026
I’m going to guess you’re observing the operating system resolver working,
not the BIND server. Is the OS resolver configured to hit multiple local
servers? Make sure it’s only using 127.0.0.1 or something like that during
your tests.
On Tue, May 5, 2026 at 6:08 AM Kishore Karthikeyan A T via bind-users <
bind-users at lists.isc.org> wrote:
> Dear admin & devs,
>
> I have been using bind for recursive resolving for quite few years, while
> recently noticed for experimentation while performing TCP dump and compared
> it for bind's working functionality, it's been noted that it tries to
> resolve from nearby peer recursive resolvers for queried domains which
> resulted in a flooding type of attack. It was simulated in a controlled
> environment setup to understand security of the software. So the actual
> help need is to find answer:
>
> 1. Do BIND identifies & uses peer resolvers for fast resolution instead of
> following the DNS hierarchical lookup? If no why this happened in my case
> even with proper rate limiting in place / If yes, how does it identifies
> peer resolver?
>
> 2. Is there any way to strictly say the bind to resolve hierarchically so
> that the TCP dump doesn't raise any anomaly, considering the fact that both
> of the mentioned versions exhibited this behaviour.
>
> Thank you in Advance for helping out!!!
>
>
> Sent using Zoho Mail
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20260505/fb473e0c/attachment-0001.htm>
More information about the bind-users
mailing list