Re: How can I tell if a quiry is answered or denied

[Benny Pedersen]

On 2022-04-20 23:07, Richard T.A. Neal wrote:

Hi Hal,

In addition to this you might also want to look into Response Rate
Limiting. This may help to reduce the load on your DNS servers from
bad actors without having to play a cat & mouse game of spotting and
blocking them.

Response Rate Limiting is explained in detail in the BIND ARM here
(scroll down to section 4.2.16.19):

https://downloads.isc.org/isc/bind9/9.18.2/doc/arm/html/reference.html


how well does this work with very low $TTL in zone file ?

https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How can I tell if a quiry is answered or denied

[King, Harold Clyde (Hal) via bind-users]

That's not in my version of bind-9.16.23.

Thanks anyway!


--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:d0cf86b5-1da2-47ba-9a66-0e3522260ce4]

From: Jeff Sumner 
Sent: Wednesday, April 20, 2022 4:25 PM
To: King, Harold Clyde (Hal) ; bind-users 

Subject: Re: How can I tell if a quiry is answered or denied

You don't often get email from kc4...@gmail.com. Learn why this is 
important





***

You can turn on answer logging:



rndc answerlog







Apologies- I believe the above is likely specific to EIP DNS builds.



J
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: How can I tell if a quiry is answered or denied

[Richard T.A. Neal]

Hi Hal,

In addition to this you might also want to look into Response Rate Limiting. 
This may help to reduce the load on your DNS servers from bad actors without 
having to play a cat & mouse game of spotting and blocking them.

Response Rate Limiting is explained in detail in the BIND ARM here (scroll down 
to section 4.2.16.19):
https://downloads.isc.org/isc/bind9/9.18.2/doc/arm/html/reference.html

Best,
Richard.


From: bind-users  On Behalf Of Jeff Sumner
Sent: 20 April 2022 9:25 pm
To: King, Harold Clyde (Hal) ; bind-users 

Subject: Re: How can I tell if a quiry is answered or denied



***
You can turn on answer logging:

rndc answerlog



Apologies- I believe the above is likely specific to EIP DNS builds.

J
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How can I tell if a quiry is answered or denied

[Jeff Sumner]

***
You can turn on answer logging:

rndc answerlog



Apologies- I believe the above is likely specific to EIP DNS builds.

J
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How can I tell if a quiry is answered or denied

[Jeff Sumner]

From: bind-users  on behalf of King, Harold 
Clyde (Hal) via bind-users 
Date: Wednesday, April 20, 2022 at 3:29 PM
To: bind-users 
Subject: How can I tell if a quiry is answered or denied
I'm trying to find bad actors stretching out my load on my main DNS server I 
can't tell from the query log if a host is denied an answer, or given an 
answer. Also, can I get the answer in my logs? I got one great answer today, 
maybe I'm pushing my luck, but I do feel lucky.


--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:fe5c07f5-ef0a-4dd8-a8d0-f22481933b6b]




You can turn on answer logging:

rndc answerlog


This will log answers:
client @0x47faa158 192.168.0.6#60588 (hobbes.nmsu.edu): answer: hobbes.nmsu.edu 
IN A +T (192.168.0.210) -> NOERROR hobbes.nmsu.edu. 3600 A 128.123.88.139


J
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

How can I tell if a quiry is answered or denied

[King, Harold Clyde (Hal) via bind-users]

I'm trying to find bad actors stretching out my load on my main DNS server I 
can't tell from the query log if a host is denied an answer, or given an 
answer. Also, can I get the answer in my logs? I got one great answer today, 
maybe I'm pushing my luck, but I do feel lucky.


--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:fe5c07f5-ef0a-4dd8-a8d0-f22481933b6b]
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users