[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
Dobbins, Roland
rdobbins at arbor.net
Wed Jun 22 08:25:27 UTC 2011
On Jun 22, 2011, at 3:38 AM, Stephane Bortzmeyer wrote:
> Is there somewhere an existing list of practices which can be used by authoritative DNSSEC name servers to mitigate the problem?
AFAIK, homegrown solutions which rely upon query/response evaluation (if the server(s) in question can afford logging); a Mark I Eyeball used in conjunction with something like dnstop; or IDMS.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde
More information about the dns-operations
mailing list