you got response with BUGs on jira and temp fix is there... so, yes On 15 December 2014 at 13:49, Indra Pramana <in...@sg.or.id> wrote: > > Hi Andrija, > > Yes, it's on a shared network with public IP in advanced zone. So far I > don't see similar issues on my VPC's VRs, but it could be because the IP is > not known, unlike the VR on a shared network which will automatically use > the second IP on the subnet after the gateway (e.g. x.x.x.2). > > Is there a way to configure dnsmasq not to response to recursive queries? > > Thank you. > > > > On Mon, Dec 15, 2014 at 8:22 PM, Andrija Panic <andrija.pa...@gmail.com> > wrote: > > > > Indra, did you observe this on Shared Network - I had same issue with > > Shared Network (public IPs) in Advanced Zone. > > > > I think VR for VPC is NOT a problem... > > > > On 15 December 2014 at 13:13, Indra Pramana <in...@sg.or.id> wrote: > > > > > > Dear all, > > > > > > We are using CloudStack 4.2.0 with KVM hypervisors. > > > > > > Is there a way to prevent our virtual routers (VRs) to be targeted by > DNS > > > amplification attack? It seems that the DNS services on dnsmasq running > > on > > > the VRs are by default recursive, causing it to easily be targeted for > > DNS > > > amplification attack. > > > > > > Any advice on how to overcome this? > > > > > > Looking forward to your reply, thank you. > > > > > > Cheers. > > > > > > > > > -- > > > > Andrija Panić > > >
-- Andrija Panić
