[dns-operations] DNS ANY requests from Amazon?

Dobbins, Roland rdobbins at arbor.net
Tue Dec 18 20:32:54 UTC 2012


On Dec 18, 2012, at 10:30 PM, Paul Vixie wrote:

> RRL is designed in a way that keeps state manageably finite. 

Sure, but RRL isn't the issue; it's all the rest of what 'application firewalls' do which causes them to choke.  I've yet to see one which doesn't choke under even moderate DDoS, and have never seen one which implements any form of classification in a stateless or minimized-state manner.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton




More information about the dns-operations mailing list