[dns-operations] DNS deluge for x.p.ctrc.cc

Richard Doty rad at twig.com
Mon Feb 27 03:41:06 UTC 2006

On Mon, 27 Feb 2006 00:45:22 +0000  Paul Vixie wrote:
> #	...
> #
> #	Even if you block all the non-local recursive queries there are
> #	still enough authoritative servers with big RRsets that you can
> #	query for.
> <wince>
> since such servers would be doing nothing wrong, there'd be no basis for
> shunning them.  still, some kind of WRED could be employed at the victim's
> border if the number of servers sending these big responses was small enough.
> my gut-level assumption is that there won't be 580K authority servers (or
> 122K or 1M or whatever) available to participate in this kind of amplification
> the way that's currently being seen with open recursive servers.  (right?)

I guess there are two kinds of amplification - recursive and
non-recursive.  But they both depend on the victim (supposedly) asking
a question a lot of times.

Does it make sense that the victim would ask the same question over
and over?  I.e. would it be practical for a dns server (whether
authoritative or resolving) to rate-limit its response based on
sourceip+query?
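The per-(source IP, query) rate limit floated in the question above, sketched as an added Python example; it is not code from this thread, and the query stream it runs over is constructed (a spoofed victim address 10.0.0.5 asking the same large-RRset question 40 times in 400 ms beside an ordinary client 10.0.0.9). Timestamps are integer milliseconds and tokens are tracked in thousandths to keep the arithmetic exact.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: (timestamp_ms, source_ip, qname, qtype) as an
# authoritative server might log incoming queries. 10.0.0.5 is the spoofed
# victim address being used for amplification; 10.0.0.9 is a normal client.
SAMPLE_QUERIES = (
    [(i * 10, "10.0.0.5", "x.p.ctrc.cc.", "ANY") for i in range(40)]
    + [(0, "10.0.0.9", "x.p.ctrc.cc.", "ANY"), (500, "10.0.0.9", "example.net.", "A")]
)


@dataclass
class Bucket:
    mtokens: int   # tokens in thousandths (1000 == one full response)
    last_ms: int   # time of the last refill


class ResponseRateLimiter:
    """Token bucket per (source IP, qname, qtype): the same address asking the
    same question faster than `rate` responses/second has answers withheld."""

    def __init__(self, rate: int, burst: int):
        self.rate = rate            # refill, responses per second
        self.cap = burst * 1000     # bucket capacity in thousandths
        self.buckets = {}           # (src, qname, qtype) -> Bucket

    def allow(self, now_ms: int, src: str, qname: str, qtype: str) -> bool:
        key = (src, qname.lower(), qtype.upper())
        b = self.buckets.get(key)
        if b is None:
            b = self.buckets[key] = Bucket(self.cap, now_ms)
        # elapsed_ms * (rate / 1000 tokens per ms) * 1000 == elapsed_ms * rate
        b.mtokens = min(self.cap, b.mtokens + (now_ms - b.last_ms) * self.rate)
        b.last_ms = now_ms
        if b.mtokens >= 1000:
            b.mtokens -= 1000
            return True
        return False


def run(queries, rate=5, burst=5):
    """Return {source_ip: (answered, withheld)} for a time-ordered query stream."""
    limiter = ResponseRateLimiter(rate, burst)
    counts = defaultdict(lambda: [0, 0])
    for ts, src, qname, qtype in sorted(queries):
        counts[src][0 if limiter.allow(ts, src, qname, qtype) else 1] += 1
    return {src: tuple(c) for src, c in counts.items()}
```

With a 5/s rate and a burst of 5, the spoofed address gets 6 of its 40 identical queries answered while the ordinary client's two distinct questions are untouched; production implementations usually truncate (TC=1) a fraction of the withheld responses instead of dropping them all, so a genuine client whose address was spoofed can still retry over TCP.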


