Thus said Daniel Fussell on Fri, 17 Jan 2014 10:17:35 -0700:

> Recently someone started using my DNS server for a DNS amplification
> attack, forcing me to disable recursion for queries coming from
> outside my network. It works well enough, but I'm now sending a denied
> packet to the victim instead of a 4 kbyte TXT record, where I'd like
> to send nothing at all.

Why should it send anything in response to a request for recursion if
you don't even have recursion enabled? Either the DNS server software is
still misconfigured, or it's broken.

Andy
-- 
TAI64 timestamp: 4000000052da0d7d
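
Added example, not part of the original message: a way to compare what a server sends back to an outside recursive query before and after recursion is disabled, by decoding the DNS header and measuring response size against query size. The function names, the query name `example.com`, and both reply packets are constructed for illustration; the 4096-byte reply is padding standing in for the large TXT answer.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(qname, qtype=16, txid=0x1234):
    """Build a minimal recursive (RD=1) query; qtype 16 is TXT, class 1 is IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def classify_response(query, response):
    """Decode the 12-byte response header and compare its size to the query."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit not set: not a response")
    rcode = flags & 0x000F
    return {
        "rcode": RCODES.get(rcode, str(rcode)),
        "recursion_available": bool(flags & 0x0080),  # RA bit
        "answers": an,
        "amplification": round(len(response) / len(query), 2),
    }

def refused_reply(query):
    """Constructed sample: REFUSED reply echoing the question, RA clear."""
    flags = 0x8000 | 0x0100 | 5  # QR, RD echoed, RCODE=REFUSED
    return query[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + query[12:]

def large_txt_reply(query, size=4096):
    """Constructed sample: NOERROR reply with RA set, padded to `size` bytes."""
    body = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0) + query[12:]
    return body.ljust(size, b"\x00")  # padding, not a real TXT record

if __name__ == "__main__":
    q = build_query("example.com")
    for name, reply in (("recursion off", refused_reply(q)),
                        ("recursion on", large_txt_reply(q))):
        print(name, classify_response(q, reply))
```

With these constructed packets the REFUSED reply is the same size as the query, so the reflected traffic is no longer amplified, although a packet still reaches the spoofed source address.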
