Hi, I would like to know what precautions I should take if I want to expose Knot Resolver to the public. I'm especially worried about amplification attacks. Is there any example configuration that implements measures to mitigate this type of attack?
@hectorm: the most usual precautions are (1) a firewall dropping packets to that IP from outside or (2) the service not even listening on a public IP. For UDP the source address is easy to spoof, so kresd itself can't know for sure who asks and thus you'd better filter on the network perimeter.