[dns-operations] Amplification attack today ?

Paul Vixie paul at vix.com
Tue Mar 6 14:46:27 UTC 2007

> ... Lets wait until someone really manages to use open relays for a dDoS
> against root servers, and then it will be interesting to see which solutions
> will be done.

i'm fairly sure that open-recursive has been used as a vector in ddos's
against tld servers.  that seems almost equally disruptive, to me.

> I guess implementing more root servers is the only solution then.

according to www.root-servers.org, that's already getting done.  and
according to f.root-servers.org, austria doesn't have an F.  (plz help.)

> It still won't help reducing open DNS relays, though.

i don't think anything nondraconian will help reduce open dns relays.

More information about the dns-operations mailing list