[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record

David Conrad drc at virtualized.org
Fri Jun 24 17:43:52 UTC 2011

On Jun 24, 2011, at 7:37 AM, Rick Jones wrote:
> OK, perhaps my (ab)using "de jure" was setting myself up for that... The question was do the RFCs covering DNS require caching of responses?

Others more familiar with the letter of the RFCs can probably answer better than I, but I'd have to ask: does it matter?  We're talking operations here...

Operationally, do you think an authoritative server should respond to (say) 100 qps of the same query from the same source (assuming a reasonable TTL on the response)?


More information about the dns-operations mailing list