Re: How to return REFUSED

2021-05-07 Thread Matus UHLAR - fantomas
On 06.05.21 18:41, Axel Rau wrote:
> This NS has some other clients in the DMZ LAN, so I need Views.

you need multiple views if you are going to provide multiple versions of the same zones, different forwardings for different domains or alike. Not just if you have other clients.

-- Matus UHLAR

Re: How to return REFUSED

2021-05-06 Thread Peter Coghlan
> With 2 views ddos trace looks much better:
>
> 17:40:21.483188 186.149.116.55.80 > 91.216.35.171.53: [no udp cksum] 1+ RRSIG? pizzaseo.com.(30) (ttl 242, id 21165, len 58)
> 17:40:21.483470 91.216.35.171.53 > 186.149.116.55.80: [udp sum ok] 1 Refused- q: RRSIG? pizzaseo.com. 0/0/0(30)

Re: How to return REFUSED

2021-05-06 Thread Axel Rau
> On 06.05.2021 at 18:41, Axel Rau wrote:
>
> This NS has some other clients in the DMZ LAN, so I need Views.

With 2 views ddos trace looks much better:

17:40:21.483188 186.149.116.55.80 > 91.216.35.171.53: [no udp cksum] 1+ RRSIG? pizzaseo.com.(30) (ttl 242, id 21165, len 58)
17:40:21.483

Re: How to return REFUSED

2021-05-06 Thread Axel Rau
> On 05.05.2021 at 22:06, Kevin Darcy via bind-users <bind-users@lists.isc.org> wrote:
>
> I just checked the ARM, and it denotes that "match-recursive-only" (boolean)
> still exists for views. So, you might be able to set up a special view with
> that, as well as a negated match-cl

Re: How to return REFUSED

2021-05-06 Thread Axel Rau
> On 06.05.2021 at 12:05, Matus UHLAR - fantomas wrote:
>
> Which named version do you run?

9.16.15

> do you use views?

No, but after reading Tony's response, I'm now starting to convert my config to views.

Axel
---
PGP-Key: CDE74120 ☀ computing @ chaos claudius

Re: How to return REFUSED

2021-05-06 Thread Axel Rau
> On 06.05.2021 at 16:45, Tony Finch wrote:
>
> Axel Rau wrote:
>
>> I have,
>>
>> allow-query { any; };
>> allow-query-cache { recursive-users; };
>> allow-recursion { recursive-users; };
>>
>> How can I make sure that none recursive-users get a REFUSED if query is
>> recu

Re: How to return REFUSED

2021-05-06 Thread Tony Finch
Axel Rau wrote:
> I have,
>
> allow-query { any; };
> allow-query-cache { recursive-users; };
> allow-recursion { recursive-users; };
>
> How can I make sure that none recursive-users get a REFUSED if query is
> recursive?

Weird! I think your config should do what you want so

Re: How to return REFUSED

2021-05-06 Thread Matus UHLAR - fantomas
On 05.05.21 21:09, Axel Rau wrote:
> allow-query { any; };
> allow-query-cache { recursive-users; };
> allow-recursion { recursive-users; };
>
> How can I make sure that none recursive-users get a REFUSED if query is recursive?

I thought this is the default...

> PS: I want to min

Re: How to return REFUSED

2021-05-05 Thread Kevin Darcy via bind-users
[ Classification Level: GENERAL BUSINESS ]

I just checked the ARM, and it denotes that "match-recursive-only" (boolean) still exists for views. So, you might be able to set up a special view with that, as well as a negated match-clients, specifying allow-query { none; }. Put it as the first view,

How to return REFUSED

2021-05-05 Thread Axel Rau
I have,

allow-query { any; };
allow-query-cache { recursive-users; };
allow-recursion { recursive-users; };

How can I make sure that none recursive-users get a REFUSED if query is recursive?

Axel

PS: I want to minimize the responses to this amplification attack: - - - 1