[Samba] DNS amplification attacks
samba at marc-muehlfeld.de
Tue Feb 25 12:02:18 MST 2014
On 25.02.2014 19:31, Bruno Vane wrote:
> How can I configure samba4 to be protected against DNS amplification
> attacks? Is there a way to set the network I want it to be recursive,
> like in bind9?
Have you tried 'allow-recursion' in BIND? If this doesn't work, I guess
it's not supported (yet) in combination with the DLZ module.
> My samba4 is receiving attacks and googling I found this:
But do you really want your DC listening on your internet NIC and
provide DNS and other Samba services to internet users?
If not, you can tell Samba to listen only on the other interfaces. See
If your DNS should be accessible from the internet and you want to
manage the zones via AD, then I would recommend that you place an
additional machine with BIND in your DMZ that is forwarding the
requests you want to allow to your DC.
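
Added example, not part of the original message: a named.conf fragment showing the 'allow-recursion' restriction mentioned above, with the open setting next to the restricted one. The ACL name "trusted" and the 10.0.0.0/8 network are constructed placeholders, and whether this takes effect together with the Samba DLZ module is the open question raised in the message.

```conf
// Constructed placeholder: replace with your own internal networks.
acl "trusted" {
    127.0.0.0/8;
    10.0.0.0/8;
};

options {
    recursion yes;

    // Open resolver: any source address gets recursive answers,
    // which is what makes the server usable for amplification.
    // allow-recursion { any; };

    // Restricted: only clients in the "trusted" ACL get recursion.
    // Everyone else is still answered for zones this server is
    // authoritative for, but recursive queries are refused.
    allow-recursion { "trusted"; };
};
```

From an address outside the ACL, a recursive query for a name the server is not authoritative for should come back with status REFUSED.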