On Fri, Jun 15, 2012 at 9:37 PM, Holemans Wim <wim.holem...@ua.ac.be> wrote:
>
> Wim Holemans
> Netwerkdienst Universiteit Antwerpen
> Network Services University of Antwerp
>
> One of the problems is that these firewalls are going to be replaced soon and
> we don't want to spend too much effort in trying to fix what seems an annoying
> side-effect of something caused by a DNS system.

You DO realize that DNS is (mostly) UDP packets, and an attacker (or in your case, the ADs) can simply send UDP packet floods to kill your firewall (in your current state), regardless of how your DNS server is configured, even when the DNS server is down?

--
Fajar