Re: allow-query does not seem to be working

2016-08-08 Thread Ray Bellis
On 08/08/2016 20:59, Frank Even wrote:
> Thanks for the info. Also I'll have to note that I completely missed
> that the "offending IP" is one of the .uk root servers so the next
> logical conclusion is I've probably got a box in one of my environments
> driving an amplification attack of some

Re: allow-query does not seem to be working

2016-08-08 Thread Frank Even
Thanks for the info. Also I'll have to note that I completely missed that the "offending IP" is one of the .uk root servers so the next logical conclusion is I've probably got a box in one of my environments driving an amplification attack of some sort or something at those IPs that I need to

Re: allow-query does not seem to be working

2016-08-08 Thread Ray Bellis
On 08/08/2016 18:43, Darcy Kevin (FCA) wrote:
> As already noted, allow-query will cause you to send back a REFUSED
> response. That’s sort of the whole point of the REFUSED RCODE.
>
> If you want to not send back any response **whatsoever**, then take a
> look at the “blackhole”

RE: allow-query does not seem to be working

2016-08-08 Thread Darcy Kevin (FCA)
As already noted, allow-query will cause you to send back a REFUSED response. That’s sort of the whole point of the REFUSED RCODE. If you want to not send back any response *whatsoever*, then take a look at the “blackhole” statement, but, honestly, this kind of “drop” function may, depending

Re: forcing clients to TCP

2016-08-08 Thread Tony Finch
Fima Leshinsky wrote:
> It seems like setting the TC flag is what I'm after but curious if there's
> a way to do this via configuration rather than a patch.

You can do this by setting the rate-limit slip parameter to 1. This might be the right answer if you want to use an