[dns-operations] Side effects of enabling DNSSEC?

Dobbins, Roland rdobbins at arbor.net
Fri Aug 3 04:28:40 UTC 2012

On Aug 3, 2012, at 10:07 AM, Mohamed Lrhazi wrote:

> I guess I should ask the same question about side effects when there are no configuration mistakes at all :) 

One unintended consequence of DNSSEC deployment is that it has made DNS reflection/amplification attacks even easier - rather than have to dork around looking for large TXT records or issuing ANY queries, the attack is guaranteed that he'll get at least a 1300-byte response for all spoofed the queries he issues to DNSSEC-capable DNS servers.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

More information about the dns-operations mailing list