[dns-operations] DNS deluge for x.p.ctrc.cc
Richard Doty
rad at twig.com
Mon Feb 27 03:41:06 UTC 2006
On Mon, 27 Feb 2006 00:45:22 +0000 Paul Vixie wrote:
> # ...
> #
> # Even if you block all the non-local recursive queries there are
> # still enough authoritative servers with big RRsets that you can
> # query for.
>
> <wince>
>
> since such servers would be doing nothing wrong, there'd be no basis for
> shunning them. still, some kind of WRED could be employed at the victim's
> border if the number of servers sending these big responses was small enough.
> my gut-level assumption is that there won't be 580K authority servers (or
> 122K or 1M or whatever) available to participate in this kind of amplification
> the way that's currently being seen with open recursive servers. (right?)
I guess there are two kinds of amplification - recursive and
non-recursive. But they both depend on the victim (supposedly) asking
a question a lot of times.
Does it make sense that the victim would ask the same question over
and over? I.e. would it be practical for a dns server (whether
authoritative or resolving) to rate-limit its response based on
source IP + query?
Richard.
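The per-(source IP, query) response limit Richard asks about, as an added example that is not code from this post or from any DNS server: a token bucket keyed on the client address, name and type, with over-limit queries either dropped or answered truncated. The class, its parameters (`rate_per_sec`, `burst`, `slip`) and the query stream are constructed for illustration.

```python
from collections import namedtuple

# A DNS query as the server sees it: arrival time (ms), source IP, name, type.
Query = namedtuple("Query", "t_ms src qname qtype")


class ResponseRateLimiter:
    """Token bucket keyed on (source IP, qname, qtype), kept in integer
    milli-tokens so the arithmetic is exact.  Over-limit queries get no
    response ('drop'), except every slip-th one, which is 'truncated':
    an empty reply with TC=1, so a genuine client retries over TCP while
    a spoofed source receives nothing large enough to amplify."""

    def __init__(self, rate_per_sec, burst, slip=2):
        self.rate = rate_per_sec        # tokens added per second per key
        self.burst = burst * 1000       # bucket capacity in milli-tokens
        self.slip = slip
        self._buckets = {}              # key -> (milli_tokens, last_t_ms)
        self._over = {}                 # key -> over-limit count so far

    def decide(self, q):
        key = (q.src, q.qname.lower(), q.qtype)
        tokens, last = self._buckets.get(key, (self.burst, q.t_ms))
        # rate tokens/s == rate milli-tokens per ms, so refill is delta_ms * rate
        tokens = min(self.burst, tokens + (q.t_ms - last) * self.rate)
        if tokens >= 1000:
            self._buckets[key] = (tokens - 1000, q.t_ms)
            return "answer"
        self._buckets[key] = (tokens, q.t_ms)
        n = self._over[key] = self._over.get(key, 0) + 1
        return "truncate" if n % self.slip == 0 else "drop"


def constructed_stream():
    """Constructed traffic, not captured data: 50 identical ANY queries 20 ms
    apart carrying the victim's (spoofed) source address, mixed with 10
    ordinary queries from distinct clients for distinct names."""
    flood = [Query(20 * i, "192.0.2.10", "x.p.ctrc.cc", "ANY") for i in range(50)]
    legit = [Query(100 * i, f"198.51.100.{i + 1}", f"host{i}.example.net", "A")
             for i in range(10)]
    return flood + legit


def simulate(queries, limiter):
    """Feed queries in arrival order; return a list of (query, decision)."""
    return [(q, limiter.decide(q)) for q in sorted(queries, key=lambda q: q.t_ms)]


def summarize(decisions):
    counts = {"answer": 0, "truncate": 0, "drop": 0}
    for _, d in decisions:
        counts[d] += 1
    return counts


if __name__ == "__main__":
    results = simulate(constructed_stream(), ResponseRateLimiter(rate_per_sec=5, burst=5))
    print(summarize(results))
    answered = sum(1 for q, d in results if q.src == "192.0.2.10" and d == "answer")
    print("queries with the victim's address answered in full:", answered, "of 50")
```

With a budget of 5 per second and a burst of 5, the 50-query flood toward the victim's address gets 9 full answers, while every query from the unrelated clients is answered; the amplification an attacker obtains is bounded by the rate, not by how many requests are sent. The check only works because the repeated question is the signature of reflection, and it says nothing about a flood that rotates names or types across many keys.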