Sebastian Nielsen
2017-Jun-05 21:24 UTC
[nsd-users] Set NSD to ignore, instead of refusing, external recursive queries?
Is it possible to tell NSD to just drop recursive queries, instead of replying with a "REFUSED" message? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20170605/665e6b09/attachment.htm> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6298 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20170605/665e6b09/attachment.bin>
Paul Wouters
2017-Jun-06 02:03 UTC
[nsd-users] Set NSD to ignore, instead of refusing, external recursive queries?
On Mon, 5 Jun 2017, Sebastian Nielsen wrote:> Is it possible to tell NSD to just drop recursive queries, instead of replying with a ?REFUSED? message?Why do you want to receive double the queries? Paul
Sebastian Nielsen
2017-Jun-06 02:09 UTC
[nsd-users] Set NSD to ignore, instead of refusing, external recursive queries?
What do you mean? Some security scans say the following: External Query: Rejected (Recommended: Drop) And list it as a yellow status. -----Ursprungligt meddelande----- Fr?n: Paul Wouters [mailto:paul at nohats.ca] Skickat: den 6 juni 2017 04:03 Till: Sebastian Nielsen <sebastian at sebbe.eu> Kopia: nsd-users at NLnetLabs.nl ?mne: Re: [nsd-users] Set NSD to ignore, instead of refusing, external recursive queries? On Mon, 5 Jun 2017, Sebastian Nielsen wrote:> Is it possible to tell NSD to just drop recursive queries, instead of replying with a ?REFUSED? message?Why do you want to receive double the queries? Paul -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6298 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20170606/4851e492/attachment.bin>
Ondřej Surý
2017-Jun-19 07:07 UTC
[nsd-users] Set NSD to ignore, instead of refusing, external recursive queries?
And make yourself more vulnerable to off-path spoofing attackers? That's a really bad idea. O. -- Ond?ej Sur? <ondrej at sury.org> Knot DNS (https://www.knot-dns.cz/) ? a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) ? secure, privacy-aware, fast DNS(SEC) resolver V?e pro chleba (https://vseprochleba.cz) ? Mouky ze ml?na a pot?eby pro pe?en? chleba v?eho druhu On Mon, Jun 5, 2017, at 23:24, Sebastian Nielsen wrote:> Is it possible to tell NSD to just drop recursive queries, instead of > replying with a "REFUSED" message? > > _______________________________________________ > nsd-users mailing list > nsd-users at NLnetLabs.nl > https://open.nlnetlabs.nl/mailman/listinfo/nsd-users > Email had 1 attachment: > + smime.p7s > 9k (application/pkcs7-signature)