Dns-operations mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

Looks like its working.  Your server has been solid for the last 5 
hours, from what I can see here.


On 01/12/2014 04:14 PM, Martin C wrote:
> > thing.  I did a quick check and noticed that you are resolving recursive
> > lookups, which is the reason why you are being flooded. Tier-1 servers
> > should NOT resolve recursively for this very reason. If you turn off
> > recursion, you should find that the attacks mostly go away within a few
> > days.
> I thought it was disabled. This is what my named.conf.options had:
>          //recursion yes;
>          allow-query { any; };
>          auth-nxdomain no;    # conform to RFC1035
>          //listen-on-v6 { any; };
>          listen-on { any; };
>          version "[hidden]";
>
> now I have underneath that:
>          recursion no;
>          allow-recursion {"none";};
>
>
> we'll see how that goes.