[dns-operations] DNS "security" and DDoS attacks

Lutz Donnerhacke lutz at iks-jena.de
Mon Mar 29 15:47:49 UTC 2010


* George Barwood wrote:
> You cannot stop ALL attacks, but there is a class of attacks that can be stopped
> with relatively low administrative cost which DNSSEC in it's present form does not address.

DNSSEC *can* be used to filter out the correct answers from a set of
received responses. Please do not address an implementation issue to be a
protocol failure.



More information about the dns-operations mailing list