[dns-operations] on amplification, udp, and dns

Lutz Donnerhacke lutz at iks-jena.de
Thu Mar 23 20:25:28 UTC 2006


* Edward Lewis wrote:
> But if DNSSEC (a desirable thing to quite a few folks) gets to 
> widespread deployment, then there will be many authoritative servers 
> that will be available for amplification services.  What a dilemma, 
> improving the security of DNS makes DNS a more valuable tool for DDoS.
>
> EDNS0 opens up the message size is needed for DNSSEC, IPv6 glue, and 
> then NATPR record in ENUM.  But then again, this improvement 
> facilitates amplification.
>
> This does not make me happy.

I have no problem with it at all.



More information about the dns-operations mailing list