[dns-operations] Weird TXT record

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Jun 22 07:08:14 UTC 2011

On Wed, Jun 22, 2011 at 06:20:34AM +0000,
 Dobbins, Roland <rdobbins at arbor.net> wrote 
 a message of 22 lines which said:

> This technique is quite popular today - the largest DDoS attacks we
> see are DNS reflection/amplification attacks, and DNSSEC deployment
> has made it far easier to elicit a large answer for the
> amplification part.

Any public numbers about the relative importance of "DNSSEC query on a
signed domain" vs. "a big TXT", in amplification attacks? When you say
"DNSSEC deployment has made it far easier", do you refer to a
theoretical analysis or to a real phenomenon seen in the wild?

More information about the dns-operations mailing list