[dns-operations] on amplification, udp, and dns
Lutz Donnerhacke
lutz at iks-jena.de
Thu Mar 23 20:25:28 UTC 2006
* Edward Lewis wrote:
> But if DNSSEC (a desirable thing to quite a few folks) gets to
> widespread deployment, then there will be many authoritative servers
> that will be available for amplification services. What a dilemma,
> improving the security of DNS makes DNS a more valuable tool for DDoS.
>
> EDNS0 opens up the message size is needed for DNSSEC, IPv6 glue, and
> then NATPR record in ENUM. But then again, this improvement
> facilitates amplification.
>
> This does not make me happy.
I have no problem with it at all.
More information about the dns-operations
mailing list