Apologies.  The intent is to drop inbound AAAA queries from the internet.

Sent from Nine<http://www.9folders.com/>

From: Mark Andrews <ma...@isc.org>
Sent: May 16, 2016 3:41 PM
To: John W. Blue
Cc: bind-users@lists.isc.org
Subject: Re: New type of DDoS? Anyone saw it?


In message <e7f58592-1570-494f-a530-97e54b8c0...@rrcic.com>, "John W. Blue" 
writes:
>
> Hello Marek,
>
> Do you have an IPv6 assignment?  If not, there is really no need to even
> be resolving AAAA records.  An overly simplistic description of a
> potential solution could be to just drop the incoming AAAA request via
> its hex value in much the same way rate limiting is done for the "any"
> query:
>
> -hex-string '|0000FF0001|'
>
> I don't know off hand what the hex value for AAAA is but it should not be
> too hard to find.
>
> John

Just dropping AAAA queries is a bad idea as most machines actually
have a AAAA addresses (loopback and linklocal) so just about every
application makes AAAA queries.  If you drop AAAA queries you slow
up every address lookup in your network.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to