<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><br></div><div><br>On Dec 10, 2014, at 20:27, Dnsbed (Jeff) <<a href="mailto:support@dnsbed.com">support@dnsbed.com</a>> wrote:<div style="display: table; width: 100%; border-top-width: 1px; border-top-style: solid; border-top-color: rgb(237, 238, 240); padding-top: 5px;"><div style="display:table-cell;vertical-align:middle;padding-right:6px;"><compose-unknown-contact.jpg></div><div style="display:table-cell;white-space:nowrap;vertical-align:middle;width:100%"><a moz-do-not-send="true" href="mailto:bortzmeyer@nic.fr" style="color:#737F92 
!important;padding-right:6px;font-weight:bold;text-decoration:none 
!important;">Stephane Bortzmeyer</a></div><div style="display:table-cell;white-space:nowrap;vertical-align:middle;"><font color="#9FA2A5"><span style="padding-left:6px">2014年12月10日下午8:55</span></font></div></div></div><blockquote type="cite"><blockquote style="border: 0px none;" cite="mid:20141210125546.GA912@nic.fr" type="cite">
  <div style="color:#888888;margin-left:24px;margin-right:24px;" __pbrmquotes="true" class="__pbConvBody"><div>On Tue, Dec 02, 2014 at 
02:01:48PM +0800,<br> Ken Peng <a class="moz-txt-link-rfc2396E" href="mailto:yhpeng@orange.fr"><yhpeng@orange.fr></a> wrote <br></div><div><!----><br>By
 the way, they published a good technical report:<br><br><a class="moz-txt-link-freetext" href="http://blog.dnsimple.com/2014/12/incident-report-ddos/">http://blog.dnsimple.com/2014/12/incident-report-ddos/</a><br>_______________________________________________<br>dns-operations
 mailing list<br><a class="moz-txt-link-abbreviated" href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a><br><a class="moz-txt-link-freetext" href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>dns-jobs
 mailing list<br><a class="moz-txt-link-freetext" href="https://lists.dns-oarc.net/mailman/listinfo/dns-jobs">https://lists.dns-oarc.net/mailman/listinfo/dns-jobs</a><br></div></div>
</blockquote>
<br>
<span>UDB is hard to be defensed, as the spooled IPs are hard to setup 
the correct firewall rules.  <br>
Can we guess the next generation of DNS will service primarily using 
TCP? </span><br>
<br></blockquote><div><br></div>I hope not. Poor UDP firewall rules is a terrible reason. <div><br></div><div><br></div></body></html>