issue of Amplification attack

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

issue of Amplification attack

ShubhamGoyal
Dear sir,
                         Thank you  for give me answer for my previous question,  Sir now we are suffer from amplification attack so is there any method in bind to stop DNS Amplification attack.
I am thinking to stop or drop ANY type queries from our DNS Recursive resolver , so please tell me how can we drop or stop ANY type queries from bind.
 
 
 

150th Anniversary Mahatma Gandhi

------------------------------------------------------------------------------------------------------------
[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.
------------------------------------------------------------------------------------------------------------
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: issue of Amplification attack

Reindl Harald


Am 12.07.20 um 06:23 schrieb ShubhamGoyal:
> Dear sir,
> Thank you  for give me answer for my previous
> question,  Sir now we are suffer from amplification attack so is there
> any method in bind to stop DNS Amplification attack.
> I am thinking to stop or drop ANY type queries from our DNS Recursive
> resolver , so please tell me how can we drop or stop ANY type queries
> from bind.

there where a recent discussion you missed in the past few days, our
config for years:

options {
 .......
 minimal-responses      yes;
 minimal-any            yes;
 rate-limit
 {
  responses-per-second 10;
  window               5;
 };
}

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: issue of Amplification attack

Michael De Roover
In reply to this post by ShubhamGoyal
There was a very interesting conversation about this last week. See
https://www.mail-archive.com/bind-users@.../msg29187.html.

On 7/12/20 6:23 AM, ShubhamGoyal wrote:
> Dear sir,
>                          Thank you  for give me answer for my previous
> question,  Sir now we are suffer from amplification attack so is there
> any method in bind to stop DNS Amplification attack.
> I am thinking to stop or drop ANY type queries from our DNS Recursive
> resolver , so please tell me how can we drop or stop ANY type queries
> from bind.
--
Met vriendelijke groet / Best regards,
Michael De Roover
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: issue of Amplification attack

Matus UHLAR - fantomas
>On 7/12/20 6:23 AM, ShubhamGoyal wrote:
>>                         Thank you  for give me answer for my
>>previous question,  Sir now we are suffer from amplification attack
>>so is there any method in bind to stop DNS Amplification attack.
>>I am thinking to stop or drop ANY type queries from our DNS
>>Recursive resolver , so please tell me how can we drop or stop ANY
>>type queries from bind.

On 12.07.20 12:48, Michael De Roover wrote:
>There was a very interesting conversation about this last week. See
>https://www.mail-archive.com/bind-users@.../msg29187.html.

alternative link:
https://lists.isc.org/pipermail/bind-users/2020-July/103389.html

I find it more readable.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: issue of Amplification attack

@lbutlr
On 12 Jul 2020, at 06:28, Matus UHLAR - fantomas <[hidden email]> wrote:
>> On 7/12/20 6:23 AM, ShubhamGoyal wrote:
>>> I am thinking to stop or drop ANY type queries from our DNS Recursive resolver , so please tell me how can we drop or stop ANY type queries from bind.

Don't do this.

> On 12.07.20 12:48, Michael De Roover wrote:
>> There was a very interesting conversation about this last week. See https://www.mail-archive.com/bind-users@.../msg29187.html.
>
> alternative link:
> https://lists.isc.org/pipermail/bind-users/2020-July/103389.html

Specifically read this message before you decide you want to disable responses to ANY.

<https://lists.isc.org/pipermail/bind-users/2020-July/103399.html>



--
"I can't see the point in the theatre. All that sex and violence. I
        get enough of that at home. Apart from the sex, of course." -
        Baldrick

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users