[colug-432] DNS Amplification Attack
R P Herrold
herrold at owlriver.com
Wed Apr 3 11:49:11 EDT 2013
On Tue, 2 Apr 2013, Rob wrote:
> How do you achieve this? Well, for bind, you use
>
> options { allow-query { ... }; };

Putting on my ISP hat (we answer for several hundred domains
for customers, which they may amend on a self-service basis,
if they wish)

One of our testing 'side' servers for a customer was
over-looked on the maintenance needed to make sure it was not
a potential 'recursive query' offender, provoking a courtesy
report from a person doing scanning for such. The traffic
logs on that unit made it pretty clear that we were also being
abused by others, until we locked it down.

I would also add an explicit:

    recursion no;

in the:

    options {
    };

stanza.

DNS is an interesting area as it is (properly) finally
growing to be more than just doing
name <--> number mappings
and changing into its designed purpose of providing a
locally maintained, but recursive and scalable tool to
distribute 'read many, write few' information, through TXT,
SRV and related records

-- Russ herrold