[dns-operations] Amplification attack today ?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Mar 6 09:06:38 UTC 2007
On Mon, Mar 05, 2007 at 11:57:15PM +0100,
Peter Dambier <peter at peter-dambier.de> wrote
a message of 172 lines which said:
> It is a bind config-file that queries the authoritative TLD servers
> directly without going through the root-servers, just in case you
> are blackholed or the root-servers are attacked again.
This is exactly the same as making your resolvers authoritative for
"." and downloading the root zone. Same features, same problems (see
the discussion in
http://www.circleid.com/posts/attack_internet_root_servers/).
> This data is provided by a group of users
I love that. Within the ICANN system, we know who decides (the US
governement). Within this new system, it is much better: we depend on
"a group of users".
More information about the dns-operations
mailing list