[dns-operations] DNS Amplification Attacks

Geo. geoincidents at nls.net
Wed Mar 22 11:10:40 UTC 2006

> How about use the pros of UDP? I patched my DNS server to send recursing
> results with a TTL of 5 by default. If the software developers of DNS
> servers would add a default TTL to UDP responses of not above 7, open DNS
> servers will not be the problem anyway.

Creative and eloquent, I really like that, but OMG the possible problems
this could cause and the difficulty in trying to troubleshoot them are
immeasurable. It would make the internet totally indeterminate because
nothing has to take the same route twice.

Imagine you are multihomed with 5 connection points and due to heavy sunspot
activity routers all over the planet start winking in and out...

When everything runs perfectly this works. When things get bad, this would
make them worse.

But don't let me discourage you, we need more creative thinkers like you
working on this sort of problem. A solution of this type would be wonderful.
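As an added illustration, not code from either poster and not the patch the quoted message mentions: the socket option that implements the quoted proposal (an IP TTL on outgoing UDP responses), together with a small constructed simulation of the multihoming concern raised in the reply. The link names and hop counts are invented for the example; real paths vary over time, which is exactly the objection.

```python
import socket

# Constructed sample: router hop counts from one resolver to the same client
# over each of five upstream links. These numbers are invented for the example.
SAMPLE_PATHS = {"link1": 4, "link2": 5, "link3": 6, "link4": 9, "link5": 3}


def udp_socket_with_ip_ttl(ttl: int) -> socket.socket:
    """Return an IPv4 UDP socket whose outgoing datagrams carry IP TTL `ttl`.

    This is the socket-level operation behind the quoted idea: a DNS server
    that answers from such a socket sends responses that are discarded after
    `ttl` router hops. Nothing is sent here; the socket stays unbound.
    """
    if not 1 <= ttl <= 255:
        raise ValueError("IP TTL must be in 1..255")
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
    return sock


def effective_ip_ttl(sock: socket.socket) -> int:
    """Read back the IP TTL the kernel will stamp on the socket's datagrams."""
    return sock.getsockopt(socket.IPPROTO_IP, socket.IP_TTL)


def response_survives(router_hops: int, ttl: int) -> bool:
    """Each router decrements the TTL and drops the packet when it hits zero,
    so a path through `router_hops` routers needs an initial TTL larger
    than that count."""
    return ttl > router_hops


def unreachable_links(paths: dict, ttl: int) -> list:
    """Links over which a response with IP TTL `ttl` would never reach the
    client; with shifting routes this set changes from one moment to the next."""
    return sorted(link for link, hops in paths.items()
                  if not response_survives(hops, ttl))


if __name__ == "__main__":
    s = udp_socket_with_ip_ttl(5)
    print("socket IP TTL:", effective_ip_ttl(s))
    s.close()
    for ttl in (5, 7):
        print(f"TTL {ttl}: responses lost on", unreachable_links(SAMPLE_PATHS, ttl))
```

With the constructed paths, a TTL of 5 loses the answer on three of the five links and a TTL of 7 still loses it on one; which links those are depends entirely on the routing at the moment the response is sent, which is the indeterminacy the reply is worried about.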


