[dns-operations] DNS "security" and DDoS attacks

Jim Reid jim at rfc1035.com
Mon Mar 29 14:32:17 UTC 2010


On 29 Mar 2010, at 14:48, George Barwood wrote:

> Securing the transmission channel has many security benefits

Define what you mean by "securing the transmission channel"

> in particular it stops various denial of service attacks.

Nope. It's just not possible to prevent DoS attacks on DNS because of  
the fundamental nature of what the DNS is: an open and globally  
pervasive infrastructure. The only way to prevent DoS attacks would be  
to stop people using the DNS.




More information about the dns-operations mailing list