[dns-operations] Amplification attack today ?
Paul Vixie
paul at vix.com
Tue Mar 6 15:34:38 UTC 2007
> > ... in that light, i'd like to see them closed down unless they are
> > tightly managed and monitored and open-on-purpose (like opendns).
>
> DNSSEC is (even used in correct configuration) a great amplification tool
> for attack.
plz demonstrate or explain.
> Will you stop it, too? What happens, if your Blackhole list is mismanaged
> and some "supposed open" DNS servers are blocked by the root servers? I
> suspect the liabilty question is hard.
no rootop will ever subscribe to a blackhole list. or at least i would not.
> OTOH I have not time and no money to sue an unknown fanatic blackhole list
> maintainer. I'd prefer the Internet way and switch to other services i.e.
> other root servers. I will not be alone.
i think we're well off track.
More information about the dns-operations
mailing list