[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record

David Conrad drc at virtualized.org
Fri Jun 24 23:15:55 UTC 2011


On Jun 24, 2011, at 11:49 AM, Rick Jones wrote:
> That depends on how reasonable/legitimate it is felt to toss the baby of a non-caching resolver talking to an authoritative server out with the bathwater of an attack.

I'm curious: can you point to a non-caching resolver with non-trivial deployment?  (Not denying they exist, honestly curious).


More information about the dns-operations mailing list