[dns-operations] a paper on resisting spoofed traffic at dns servers

Paul Vixie paul at vix.com
Tue Apr 4 14:18:09 UTC 2006

at http://www.ecsl.cs.sunysb.edu/~fanglu/dos_dns2.pdf we see

   The general strategy to ascertain the source of a DNS request is to send
   a cookie to the requesting host after receiving the first full request,
   and require the requesting client to attach the cookie to all subsequent

while i consider this whacky and inpractical, the paper does begin with a
useful overview of the problem space, and it's well written.

thanks to gadi evron for sharing this URL.

More information about the dns-operations mailing list