Dear admin & devs,
I have been using bind for recursive resolving for quite few years, while
recently noticed for experimentation while performing TCP dump and compared it
for bind's working functionality, it's been noted that it tries to resolve from
nearby peer recursive resolvers for queried domains which resulted in a
flooding type of attack. It was simulated in a controlled environment setup to
understand security of the software. So the actual help need is to find answer:
1. Do BIND identifies & uses peer resolvers for fast resolution instead of
following the DNS hierarchical lookup? If no why this happened in my case even
with proper rate limiting in place / If yes, how does it identifies peer
resolver?
2. Is there any way to strictly say the bind to resolve hierarchically so that
the TCP dump doesn't raise any anomaly, considering the fact that both of the
mentioned versions exhibited this behaviour.
Thank you in Advance for helping out!!!
Sent using {0}--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list.
