I'm seeing a substantial volume of queries against my server that appear to be DDoS amplification attempts, despite the fact that acme-dns responds with small NXDOMAIN responses. I think responding REFUSED when the recursion desired bit is set might reduce this, can that be added as an option, preferably on by default?
I'm seeing a substantial volume of queries against my server that appear to be DDoS amplification attempts, despite the fact that acme-dns responds with small NXDOMAIN responses. I think responding REFUSED when the recursion desired bit is set might reduce this, can that be added as an option, preferably on by default?