[Pdns-users] Queries .domain. Attack to root server?

Peter van Dijk peter.van.dijk at powerdns.com
Sun Dec 13 15:57:30 UTC 2015

Hello Federico,

On 13 Dec 2015, at 16:17, Federico Olivieri wrote:

> It seems quite odd to me but not sure if is a kind of attack to root
> server. Anyone has any idea/suggestion? In case, how can I block it 
> (was
> thinking about and iptables filter for .domain queries)

If you set root-nx-trust in your recursor.conf, the Recursor will turn 
the first NXDOMAIN into a negative cache entry for the whole domain 
‘TLD’, until that entry expires. This will severely reduce your 
outgoing queries for names under .domain.

Kind regards,
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

More information about the Pdns-users mailing list