[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record

[Stephane Bortzmeyer]

On Wed, Jun 22, 2011 at 08:33:14AM +0000,
 Dobbins, Roland <rdobbins at arbor.net> wrote 
 a message of 20 lines which said:

> QoS is one of the worst things you can do during a DDoS attack (as a
> target or a reflection enabler) - programmatically-generated attack
> traffic will simply 'crowd out' the legitimate traffic.

Then, what do you suggest?