<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt">Hello,<br><span></span><div><span>Did I miss any feedback on this, or perhaps there isn't any to offer (?)</span></div><div><span>Thank you.<br></span></div><div><br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; margin-top: 5px; padding-left: 5px;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Fr34k &lt;freaknetboy@yahoo.com&gt;<br> <b><span style="font-weight: bold;">To:</span></b> Bindlist &lt;bind-users@isc.org&gt; <br> <b><span style="font-weight: bold;">Sent:</span></b> Friday, March 9, 2012 10:30 AM<br> <b><span style="font-weight: bold;">Subject:</span></b>
DNS Amplification Attack Mitigation<br> </font> </div> <br>
<br><br>All,<br><br>I am (we all are (?)) interested in techniques for mitigating DNS amplification attacks for both recursive and authoritative BIND servers (versions 9.x).<br><br><br>Google found http://www.secureworks.com/research/threats/dns-amplification/ and http://www.publicsafety.gc.ca/prg/em/ccirc/2009/av09-011-eng.aspx<br>which mention limiting clients via ACLs and using "additional-from-cache no;" as mitigation techniques.<br><br><br>Good articles, but written several years ago so there might be additional configuration suggestions from the community since 2009.<br>Are there and, if so, what are they?<br>Perhaps said another way, what other named.conf settings could we be looking at in this effort?<br><br><br>Thank you.<br><br>
 </div> </div> </blockquote></div> </div></body></html>