DNS Amplification attack?

First post to this list, play nice :)

Are you sure about this? I'm seeing these requests on /every/ (unrelated) NS I have access to, which numbers several dozen, in various countries across the world, and from various registries (.net, .org, .com.au). The spread of servers I've checked is so random that I'm wondering just how many NS records they've laid their hands on.

I've also noticed that on a server running BIND 9.3.4-P1 with recursion disabled, they still appear to be getting the list of root NS's from cache, which is a 272-byte response to a 61-byte request, which by my definition is an amplification.

Cheers,

Jay

Once upon a time, jay@miscreant.org <jay@miscreant.org> said:

> I've also noticed that on a server running BIND 9.3.4-P1 with
> recursion disabled, they still appear to be getting the list of
> root NS's from cache, which is a 272-byte response to a 61-byte
> request, which by my definition is an amplification.

Add "additional-from-cache no;" to the options{} section of your
named.conf.
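The fix Chris gives above is a one-line change to the options{} block, but it is easy to miss on a fleet of authoritative-only servers because `recursion no;` looks like it already closes the door. The following is an added example, not code from this thread or from ISC, showing a small audit that reads a named.conf, finds the top-level options{} block and reports whether `recursion` is still open and whether `additional-from-cache` has been turned off. The two named.conf samples are constructed for the example; the option names and their defaults (`recursion yes`, `additional-from-cache yes`) are the real BIND ones.

```python
"""Audit a BIND named.conf for the two options discussed in the thread.

Added example, not from the original thread or from ISC/BIND.  It parses
the options{} block of a named.conf and reports whether the server still
adds cached data (such as the root NS list) to responses, and whether
recursion is open to the world.  Only these options are inspected.
"""
import re

# Constructed sample: an authoritative-only server with recursion off,
# but additional-from-cache left at its default of "yes", so a query
# for "." still gets the cached root NS list padded into the answer.
WEAK_CONF = """
options {
    directory "/var/named";
    recursion no;            // authoritative only
    allow-transfer { none; };
};
zone "example.net" { type master; file "example.net.zone"; };
"""

# Constructed sample: the same server with the fix from the thread applied.
FIXED_CONF = """
options {
    directory "/var/named";
    recursion no;
    additional-from-cache no;   // stop padding answers from cache
    allow-transfer { none; };
};
zone "example.net" { type master; file "example.net.zone"; };
"""


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    return text


def options_block(text):
    """Return the body of the top-level options { ... } block, or '' if absent."""
    m = re.search(r"(?<![\w-])options\s*\{", text)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    return text[start:]  # unterminated block: best effort


def option_value(block, name):
    """Value of 'name value;' or the body of 'name { ... };', else None."""
    simple = r"(?<![\w-])%s\s+([^;{]+?)\s*;" % re.escape(name)
    m = re.search(simple, block)
    if m:
        return m.group(1)
    listform = r"(?<![\w-])%s\s*\{([^}]*)\}\s*;" % re.escape(name)
    m = re.search(listform, block)
    return m.group(1).strip() if m else None


def audit_named_conf(text):
    """Return a dict of findings keyed by option; empty means nothing to flag."""
    block = options_block(strip_comments(text))
    findings = {}
    # BIND defaults to recursion yes; recursing for anyone who asks is the
    # classic open-resolver amplifier unless allow-recursion restricts it.
    if option_value(block, "recursion") != "no" and \
            option_value(block, "allow-recursion") is None:
        findings["recursion"] = "recursion enabled and allow-recursion not restricted"
    # Default is yes: even with recursion off, cached records (for example
    # the root NS list) are added to responses, which is what Jay observed.
    if option_value(block, "additional-from-cache") != "no":
        findings["additional-from-cache"] = "set additional-from-cache no; in options{}"
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(label, audit_named_conf(conf) or "OK")
```

Run it against a real named.conf by reading the file into `audit_named_conf`; the brace-matching in `options_block` is what keeps nested `allow-transfer { ... };` lists inside options{} from confusing the scan.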

Quoting Chris Adams <cmadams@hiwaay.net>:

> Once upon a time, jay@miscreant.org <jay@miscreant.org> said:
>
> > I've also noticed that on a server running BIND 9.3.4-P1 with
> > recursion disabled, they still appear to be getting the list of
> > root NS's from cache, which is a 272-byte response to a 61-byte
> > request, which by my definition is an amplification.
>
> Add "additional-from-cache no;" to the options{} section of your
> named.conf.
> --
> Chris Adams <cmadams@hiwaay.net>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.

Thanks for the response Chris.

I'm running higher versions of BIND, so don't see this behaviour. But I will pass it on to the ISP in question ;)