Well, partly from what I see.
Posts from yesterday already mentioned that many sources are not spoofed for
the actual query the nameserver sees.
If I look at our logs I see that most of the any queries come from
north-america, not china. They use spoofed source ip's to reach the cpe, but
the
how about much simpler configuration option to force all
any queries to be reissued over TCP,
restrict-any-udp yes/no;
as i charge by the byte, i like it a lot. ymmv.
randy
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net