[dns-operations] DNS "security" and DDoS attacks

[Lutz Donnerhacke]

* George Barwood wrote:
> You cannot stop ALL attacks, but there is a class of attacks that can be stopped
> with relatively low administrative cost which DNSSEC in it's present form does not address.

DNSSEC *can* be used to filter out the correct answers from a set of
received responses. Please do not address an implementation issue to be a
protocol failure.