RPZ cannot rewrite servfail, it is designed to replace a valid response.
On 2/28/14 11:42 AM, Jason Brown wrote:
>
> Isn't this where RPZ comes in? Using RPZ means it is quicker and
> easier to null amplification, also easier to remove if you do all this
> with nsupdate, you can also create a webp
Ben,
No, our server is not an open resolver, we have a large user community
and the problem is that users install their own wifi box like Zyxel or
similar which may have open resolver by default.
Ivo
On 2/27/14 5:18 PM, Ben Croswell wrote:
>
> I guess I am missing why anyone on the in
ck most active open
resolvers and coordinate with local CERT.
It would be nice to have some kind of rate limits for query volume of
different hosts inside a single zone.
Best regards,
Ivo
On 2/27/14 7:59 AM, Dmitry Rybin wrote:
> Over 2 weeks ago begins flood. A lot of queries:
>
> niqcs.
th IP matching any of the
root server IP and source port :53 on DNS cache servers, so we will
avoid loading root servers with this spoofed reply.
I hope this does not drop legitimate traffic so let me know if this is a
bad idea. :)
best regards,
/lGeWxw4Elw/TWAu7rlZtVWPEtbLA4Fp6DO9sQ9Uh2i
g3Ghd2LQ2excrzRj8FAuJ8SMwsCb4TRCm06hb4U5dW6L8zD3UmfwX3EI
2AyaQ3vGhfeMKCCKKua8gzxsfcpqOqkPYYTszdCFjG1KfatCYEwvEJyf VXPkZbH9
Has anyone else had a similar problem with the signing tool?
Thanks,
Ivo
___
bind-users
5 matches
Mail list logo
