[dns-operations] Amplification attack today ?
Paul Vixie
paul at vix.com
Tue Mar 6 14:46:27 UTC 2007
> ... Lets wait until someone really manages to use open relays for a dDoS
> against root servers, and then it will be interesting to see which solutions
> will be done.
i'm fairly sure that open-recursive has been used as a vector in ddos's
against tld servers. that seems almost equally disruptive, to me.
> I guess implementing more root servers is the only solution then.
according to www.root-servers.org, that's already getting done. and
according to f.root-servers.org, austria doesn't have an F. (plz help.)
> It still won't help reducing open DNS relays, though.
i don't think anything nondraconian will help reduce open dns relays.
More information about the dns-operations
mailing list