[dns-operations] DNS deluge for x.p.ctrc.cc
paul at vix.com
Mon Feb 27 00:45:22 UTC 2006
# Even if you block all the non-local recursive queries there are
# still enough authoritative servers with big RRsets that you can
# query for.
since such servers would be doing nothing wrong, there'd be no basis for
shunning them. still, some kind of WRED could be employed at the victim's
border if the number of servers sending these big responses was small enough.
my gut-level assumption is that there won't be 580K authority servers (or
122K or 1M or whatever) available to participate in this kind of amplification
the way that's currently being seen with open recursive servers. (right?)
More information about the dns-operations