Sebastian Nielsen
2017-Jun-06 02:09 UTC
[nsd-users] Set NSD to ignore, instead of refusing, external recursive queries?
What do you mean? Some security scans say the following: External Query: Rejected (Recommended: Drop) And list it as a yellow status. -----Ursprungligt meddelande----- Fr?n: Paul Wouters [mailto:paul at nohats.ca] Skickat: den 6 juni 2017 04:03 Till: Sebastian Nielsen <sebastian at sebbe.eu> Kopia: nsd-users at NLnetLabs.nl ?mne: Re: [nsd-users] Set NSD to ignore, instead of refusing, external recursive queries? On Mon, 5 Jun 2017, Sebastian Nielsen wrote:> Is it possible to tell NSD to just drop recursive queries, instead of replying with a ?REFUSED? message?Why do you want to receive double the queries? Paul -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6298 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20170606/4851e492/attachment.bin>
Paul Wouters
2017-Jun-06 02:55 UTC
[nsd-users] Set NSD to ignore, instead of refusing, external recursive queries?
On Tue, 6 Jun 2017, Sebastian Nielsen wrote:>>> Is it possible to tell NSD to just drop recursive queries, instead of replying with a ?REFUSED? message? >> >> Why do you want to receive double the queries?> What do you mean?If a real DNS client is sending you a query, and it does not get a response, it will likely try 2 more times. By not answering, you will get double or tripple the traffic.> Some security scans say the following: > > External Query: > Rejected (Recommended: Drop) > > And list it as a yellow status.Some security software needs to hire some DNS people :) Paul