[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
David Conrad
drc at virtualized.org
Fri Jun 24 17:43:52 UTC 2011
On Jun 24, 2011, at 7:37 AM, Rick Jones wrote:
> OK, perhaps my (ab)using "de jure" was setting myself up for that... The question was do the RFCs covering DNS require caching of responses?
Others more familiar with the letter of the RFCs can probably answer better than I, but I'd have to ask: does it matter? We're talking operations here...
Operationally, do you think an authoritative server should respond to (say) 100 qps of the same query from the same source (assuming a reasonable TTL on the response)?
Regards,
-drc
More information about the dns-operations
mailing list