Path: csiph.com!news.mixmin.net!gandalf.srv.welterde.de!newsfeed.xs3.de!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail
From: Reindl Harald <h.reindl@thelounge.net>
Newsgroups: comp.protocols.dns.bind
Subject: Re: issue of Amplification attack
Date: Sun, 12 Jul 2020 08:49:23 +0200
Organization: the lounge interactive design
Lines: 25
Approved: bind-users@lists.isc.org
Message-ID: <mailman.718.1594899666.942.bind-users@lists.isc.org>
References: <mailman.4466.1594382486.941.bind-users@lists.isc.org> <675429057.121047.1594527824988.JavaMail.open-xchange@webmail.cdac.in> <07f55422-73a3-9c44-9099-3e44fc94c4d9@thelounge.net>
NNTP-Posting-Host: lists.isc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Trace: usenet.stanford.edu 1594899703 31476 149.20.1.60 (16 Jul 2020 11:41:43 GMT)
X-Complaints-To: action@cs.stanford.edu
To: bind-users@lists.isc.org
Return-Path: <h.reindl@thelounge.net>
X-Original-To: bind-users@lists.isc.org
Delivered-To: bind-users@lists.isc.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
In-Reply-To: <675429057.121047.1594527824988.JavaMail.open-xchange@webmail.cdac.in>
Content-Language: en-US
X-Spam-Status: No, score=1.0 required=5.0 tests=DEAR_SOMETHING, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS, SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Level: *
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org
X-Mailman-Approved-At: Thu, 16 Jul 2020 11:41:04 +0000
X-BeenThere: bind-users@lists.isc.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BIND Users Mailing List <bind-users.lists.isc.org>
List-Unsubscribe: <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe>
List-Archive: <https://lists.isc.org/pipermail/bind-users/>
List-Post: <mailto:bind-users@lists.isc.org>
List-Help: <mailto:bind-users-request@lists.isc.org?subject=help>
List-Subscribe: <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe>
X-Mailman-Original-Message-ID: <07f55422-73a3-9c44-9099-3e44fc94c4d9@thelounge.net>
X-Mailman-Original-References: <mailman.4466.1594382486.941.bind-users@lists.isc.org> <675429057.121047.1594527824988.JavaMail.open-xchange@webmail.cdac.in>
Xref: csiph.com comp.protocols.dns.bind:15982



Am 12.07.20 um 06:23 schrieb ShubhamGoyal:
> Dear sir,
> Thank you  for give me answer for my previous
> question,  Sir now we are suffer from amplification attack so is there
> any method in bind to stop DNS Amplification attack.
> I am thinking to stop or drop ANY type queries from our DNS Recursive
> resolver , so please tell me how can we drop or stop ANY type queries
> from bind.

there where a recent discussion you missed in the past few days, our
config for years:

options {
 .......
 minimal-responses      yes;
 minimal-any            yes;
 rate-limit
 {
  responses-per-second 10;
  window               5;
 };
}