[dns-operations] .se being used as seed data in dns attacks

Matt Ghali matt at snark.net
Thu Aug 10 23:59:22 UTC 2006

On Thu, 10 Aug 2006, Edward Lewis wrote:

> Welcome to DNSSEC.  That's what DNSSEC is.  A lot more bytes and
> records.  When I ran dig at the a server:
> ...
> This is why I've pushed back on the notion that open recursive name
> servers are the most evil being on the face of the planet.  Sooner or
> later there will be a plethora of authoritative servers to use for
> amplification.
> It's not that DNSSEC has a choice.  There's no DNSSEC-lite
> alternative that was passed over.  Just about any improvement on DNS
> will bloat the answers in one way or another.

I, for one, completely agree with you, Ed- DNSSEC is without doubt 
the most evil being on the face of the planet- dwarfing any sort of 
ORN badness.


--matt at snark.net------------------------------------------<darwin><
   Moral indignation is a technique to endow the idiot with dignity.
                                                 - Marshall McLuhan

More information about the dns-operations mailing list