[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record

Ray Bellis Ray.Bellis at nominet.org.uk
Wed Jun 22 11:27:28 UTC 2011

On 22 Jun 2011, at 11:50, Marco Davids (SIDN) wrote:

But before you deploy that, make sure your host based firewall
understands IPv6 fragments.

I *did* say "working" ;-)

Anyhow, the point was that it's a lot harder to lock yourself out of your own box by b0rking your IPv4 firewall rules if you've got a separate set of rules for IPv6.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20110622/fb0011c5/attachment.html>

More information about the dns-operations mailing list