[dns-operations] if you're banning ANY queries, don't forget to ban SOA as well
Roland Dobbins
rdobbins at arbor.net
Mon Sep 5 10:02:59 UTC 2016
On 5 Sep 2016, at 12:56, Shane Kerr wrote:
> Operators have pointed out many times that blocking ANY seems to help
> them in practice.
In practice, I've blocked ANY requests when I've had to in a given
tactical situation, and advised others to do so in similar situations
when it was part of the least-worst option set to achieve partial
service recovery.
That's different from blocking them all the time.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the dns-operations
mailing list