[dns-operations] Side effects of enabling DNSSEC?
Dobbins, Roland
rdobbins at arbor.net
Fri Aug 3 04:28:40 UTC 2012
On Aug 3, 2012, at 10:07 AM, Mohamed Lrhazi wrote:
> I guess I should ask the same question about side effects when there are no configuration mistakes at all :)
One unintended consequence of DNSSEC deployment is that it has made DNS reflection/amplification attacks even easier - rather than have to dork around looking for large TXT records or issuing ANY queries, the attacker is guaranteed that he'll get at least a 1300-byte response for all the spoofed queries he issues to DNSSEC-capable DNS servers.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
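
Added example, not part of the original post: one way an operator of a DNSSEC-signed zone could spot the pattern described above in their own query logs, by aggregating query and response sizes per claimed source address. The record layout, sample data and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records, not real traffic. Fields (assumed layout):
# (claimed source IP, qname, qtype, DO bit set, query bytes, response bytes)
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE = (
    [("192.0.2.10", "example.org", "DNSKEY", True, 40, 1340)] * 50
    + [("198.51.100.7", "www.example.org", "A", False, 45, 61)] * 50
    + [("198.51.100.9", "example.org", "A", True, 40, 230)] * 3
)


def summarize(records):
    """Aggregate query count and byte totals per claimed source address."""
    stats = defaultdict(lambda: {"queries": 0, "do": 0, "bytes_in": 0, "bytes_out": 0})
    for src, _qname, _qtype, do_bit, q_len, r_len in records:
        s = stats[src]
        s["queries"] += 1
        s["do"] += 1 if do_bit else 0
        s["bytes_in"] += q_len
        s["bytes_out"] += r_len
    return dict(stats)


def likely_reflection_targets(records, min_queries=20, min_ratio=10.0,
                              min_avg_response=1000):
    """Return {source: amplification ratio} for sources whose traffic looks
    reflected: many DO-bit queries, large average response, high out/in ratio.
    A spoofed source is the victim, so these are addresses to protect,
    not to blame. Thresholds are illustrative assumptions."""
    flagged = {}
    for src, s in summarize(records).items():
        if s["queries"] < min_queries or s["do"] == 0:
            continue  # too little traffic, or no DNSSEC records requested
        avg_response = s["bytes_out"] / s["queries"]
        ratio = s["bytes_out"] / s["bytes_in"]
        if avg_response >= min_avg_response and ratio >= min_ratio:
            flagged[src] = round(ratio, 1)
    return flagged


if __name__ == "__main__":
    for src, ratio in likely_reflection_targets(SAMPLE).items():
        print(f"{src}: responses are {ratio}x the size of the queries")
```
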