[dns-operations] a paper on resisting spoofed traffic at dns servers

[Paul Vixie]

at http://www.ecsl.cs.sunysb.edu/~fanglu/dos_dns2.pdf we see

   The general strategy to ascertain the source of a DNS request is to send
   a cookie to the requesting host after receiving the first full request,
   and require the requesting client to attach the cookie to all subsequent
   requests.

while i consider this whacky and inpractical, the paper does begin with a
useful overview of the problem space, and it's well written.

thanks to gadi evron for sharing this URL.