[dns-operations] Why would an MTA issue an ANY query instead of an MX query?

Tony Finch dot at dotat.at
Mon Jun 11 14:47:20 UTC 2012


Vernon Schryver <vjs at rhyolite.com> wrote:
>
> My hope and almost ambition for the code I've been working on is
> to find a default set of response rate limiting parameters
> to reduce the nuisance of open resolvers.

Do you expect the parameters to differ for reflected amplification attacks
on authoritative servers? (which is the case that I care about.)

Have you considered minimal truncated replies as an alternative response
to over-limit clients? The idea being to move legit queries from the
victims onto TCP.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Portland: Variable 3 or 4, becoming northerly or northwesterly 4 or 5,
occasionally 6 in east. Slight or moderate. Occasional rain. Moderate or good,
occasionally poor.
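
The minimal truncated reply suggested in this message, as an added example that is not part of the original post or of any DNS server's code: an over-limit client gets only the header and question back with TC=1, so the reply is never larger than the query. The names `truncated_reply`, `Limiter` and `respond`, the fixed one-second window and the per-address keying are assumptions made for illustration.

```python
import struct
import time

QR, TC, RD, OPCODE = 0x8000, 0x0200, 0x0100, 0x7800  # DNS header flag bits

def question_end(msg: bytes) -> int:
    """Offset just past the first question (QNAME, QTYPE, QCLASS)."""
    off = 12
    while off < len(msg) and msg[off] != 0:
        if msg[off] & 0xC0:
            raise ValueError("compression pointer in question")
        off += 1 + msg[off]
    if off + 5 > len(msg):  # root label + QTYPE + QCLASS must fit
        raise ValueError("truncated question")
    return off + 5

def truncated_reply(query: bytes) -> bytes:
    """Header plus question only, TC=1: never larger than the query."""
    if len(query) < 12:
        raise ValueError("short header")
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & QR or qdcount != 1:
        raise ValueError("not a single-question query")
    header = struct.pack("!HHHHHH", qid, QR | TC | (flags & (OPCODE | RD)), 1, 0, 0, 0)
    return header + query[12:question_end(query)]

class Limiter:
    """Hypothetical fixed one-second window per client address."""
    def __init__(self, per_second, now=time.monotonic):
        self.rate, self.now, self.seen = per_second, now, {}

    def over_limit(self, client) -> bool:
        tick = int(self.now())
        window, count = self.seen.get(client, (tick, 0))
        count = count + 1 if window == tick else 1
        self.seen[client] = (tick, count)
        return count > self.rate

def respond(query, client, limiter, full_answer):
    """Normal answer under the limit; over it, a minimal TC=1 reply."""
    if limiter.over_limit(client):
        return truncated_reply(query)
    return full_answer(query)

# Constructed sample: ANY query for example.com, id 0x1234, RD set, no EDNS.
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1234, RD, 1, 0, 0, 0)
                + b"\x07example\x03com\x00" + struct.pack("!HH", 255, 1))

if __name__ == "__main__":
    reply = truncated_reply(SAMPLE_QUERY)
    print(len(SAMPLE_QUERY), len(reply), hex(struct.unpack("!H", reply[2:4])[0]))
```

A production limiter would bound and expire its table and would likely key on an address prefix rather than a single address, since the source addresses in a reflection attack are spoofed.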


