Apologies.  The intent is to drop inbound AAAA queries from the internet.

From: Mark Andrews <[email protected]>
Sent: May 16, 2016 3:41 PM
To: John W. Blue
Cc: [email protected]
Subject: Re: New type of DDoS? Anyone saw it?


In message <[email protected]>, "John W. Blue" 
writes:
>
> Hello Marek,
>
> Do you have an IPv6 assignment?  If not, there is really no need to even
> be resolving AAAA records.  An overly simplistic description of a
> potential solution could be to just drop the incoming AAAA request via
> its hex value in much the same way rate limiting is done for the "any"
> query:
>
> --hex-string '|0000FF0001|'
>
> I don't know offhand what the hex value for AAAA is but it should not be
> too hard to find.
>
> John

Just dropping AAAA queries is a bad idea as most machines actually
have AAAA addresses (loopback and link-local) so just about every
application makes AAAA queries.  If you drop AAAA queries you slow
up every address lookup in your network.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [email protected]
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
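
Added example, not part of the thread: a Python sketch that derives the byte pattern for a query type in the same layout as the quoted ANY pattern (root label `00`, QTYPE, QCLASS) and compares a raw payload match with parsing the DNS question. All function names are hypothetical and the sample messages are constructed.

```python
import struct

QTYPE_A, QTYPE_AAAA, QTYPE_ANY, QCLASS_IN = 1, 28, 255, 1  # AAAA is type 28 (0x001C)

def hex_string_for(qtype, qclass=QCLASS_IN):
    """Same layout as the ANY pattern in the thread: root label 00, QTYPE, QCLASS."""
    return "|" + (b"\x00" + struct.pack("!HH", qtype, qclass)).hex().upper() + "|"

def pattern_hits(packet, hex_string):
    """What a payload byte match does: look for the pattern anywhere in the message."""
    return bytes.fromhex(hex_string.strip("|")) in packet

def build_message(name, qtype, response=False):
    """Constructed sample input: DNS header plus one question, no other records."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 if response else 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)

def parse_question(packet):
    """Return (is_query, qname, qtype, qclass) for the first question."""
    if len(packet) < 12:
        raise ValueError("short header")
    _, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount < 1:
        raise ValueError("no question")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        n = packet[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(packet):  # also rejects compression pointers
            raise ValueError("bad label")
        labels.append(packet[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return (flags & 0x8000) == 0, ".".join(labels), qtype, qclass  # QR bit clear = query

def is_aaaa_query(packet):
    is_query, _, qtype, qclass = parse_question(packet)
    return is_query and qtype == QTYPE_AAAA and qclass == QCLASS_IN

if __name__ == "__main__":
    name = "www.example.com"
    for msg in (build_message(name, QTYPE_AAAA), build_message(name, QTYPE_AAAA, True),
                build_message(name, QTYPE_A)):
        print(parse_question(msg), pattern_hits(msg, hex_string_for(QTYPE_AAAA)), is_aaaa_query(msg))
```

The byte pattern also matches the response to an AAAA query, because a response repeats the question section, so a payload match has to be scoped by direction and port to avoid discarding answers to the resolver's own lookups.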