refuse ANY queries
Petr Špaček
petr.spacek at nic.cz
Fri Aug 25 14:58:53 UTC 2017
On 25.8.2017 15:55, A. Schulze via Unbound-users wrote:
>
> W.C.A. Wijngaards via Unbound-users:
>
>> It is enabled by default, and implemented in Unbound 1.5.4. These are
>> the changelog entries from the download page:
>
> found: ~unbound-source/service/cache/dns.c, search for 'Fill TYPE_ANY
> response'
>
> As Petr mentioned, the responses aren't necessarily really 'small'
>
> Any chance, someone implement "4.2. Synthesised HINFO RRset"
> and let the operator choose 4.1 or 4.2?
BTW it is possible to play nasty tricks and reply with an 'actual' ANY:

    local-zone: "example.com." typetransparent
    local-data: "example.com. TYPE255 \# 1 00"

I hope such an answer will break the botnet we are fighting against!

Have a nice weekend.

--
Petr Špaček @ CZ.NIC