[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
Dobbins, Roland
rdobbins at arbor.net
Mon Jun 27 04:30:30 UTC 2011
On Jun 24, 2011, at 10:27 PM, Hauke Lampe wrote:
> I don't think authoritative servers can do much against amplification attacks, except maybe not answering queries for unknown zones instead of refusing them.
There are in fact ways to deal with this, but they involve making use of mitigation tools such as S/RTBH, flowspec, and/or IDMS.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde