[dns-operations] DNS deluge for x.p.ctrc.cc

Stephen Gill gillsr at cymru.com
Mon Feb 27 22:43:48 UTC 2006

Hi Marc,

> Recursive is redundant in the above sentence.  Just about
> any DNS response to a QUERY is a amplification.  RUFUSED
> is normally 1:1, FORMERR is about the only response that
> should result in a reduction

Not really, it's just describing the amount of amplification.  In this case,
approximately 1:73.  That's considerably worse than the average query.

> Sure go ahead and inform the open servers, if only for their
> own protection, but it will have little effect on this problem.

I'm not sure I agree.  We've already seen great success in getting many open
recursive servers closed down, vendors notified when they don't have that
ability yet, increased awareness, etc.   The fewer open recursive servers
there are, the smaller the amplification window available for abuse.

Steve, Team Cymru

More information about the dns-operations mailing list