Feature request: -disable-any-meta-query-type dns amplification attacks

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Feature request: -disable-any-meta-query-type dns amplification attacks

Josh Sanders


I just want to share this info for blocking dns amplification attacks


Merry Christmas !

On Fri, Dec 18, 2015 at 3:21 PM, Josh Sanders <[hidden email]> wrote:
Thanks for your reply Bert,

I am trying the iptables rules for stopping "questions"
-m string --hex-string "|0000ff0001|"  and not allowing
to overload my small DNSs.

On Fri, Dec 18, 2015 at 3:01 PM, bert hubert <[hidden email]> wrote:
On Fri, Dec 18, 2015 at 02:50:22PM -0600, Josh Sanders wrote:
> Remote xxx.xxx.xxx.www wants 'domainD.com|ANY', do = 0, bufsize = 1680:
> packetcache MISS
> As you may see, 'any-to-tcp=yes' seems to be not working so far ...

Can you tcpdump? They could simply be sking the question, doesn't mean they
have to *respect* your TC=1 answer. Since that is all we can do, set TC=1.
It does not stop the questions!

We do provide a really small answer that way, which stops the amplification
from working.


Pdns-users mailing list
[hidden email]