[dns-operations] DNS "security" and DDoS attacks
Lutz Donnerhacke
lutz at iks-jena.de
Mon Mar 29 15:47:49 UTC 2010
* George Barwood wrote:
> You cannot stop ALL attacks, but there is a class of attacks that can be stopped
> with relatively low administrative cost which DNSSEC in it's present form does not address.
DNSSEC *can* be used to filter out the correct answers from a set of
received responses. Please do not address an implementation issue to be a
protocol failure.
More information about the dns-operations
mailing list