[dns-operations] "bad infosec economics " Re: <something paul wrote>

Tony Finch dot at dotat.at
Tue Jun 12 17:18:54 UTC 2012


Edward Lewis <Ed.Lewis at neustar.biz> wrote:

> We've collectively known about Dan Bernstein's use of t=ANY for a decade
> and we know he's reluctant to listen to calls for change nor make the
> change.

It's a bit unfair to blame DJB for bugs in software he abandoned 14 years
ago and which is now maintained by other people. In any case bugs in qmail
are irrelevant to the problem of DDOS attacks.

> PS - One possibility, instead of simply not responding, send back
> rcode=REFUSED.

Minimum-size truncated packets are the same size and friendlier to the
victim of the attack. See the RRL "slip" feature.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Viking: North 5 to 7. Rough, occasionally moderate later. Mainly fair. Good.
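
An added example, not part of the original message and not code from any RRL implementation: it builds the two minimal replies discussed above (empty with TC=1, and empty with rcode=REFUSED) for a constructed `ANY` query and shows they are the same size as the query, so neither amplifies. The helper names are hypothetical, and `over_limit_action` assumes the usual RRL behaviour where `slip n` answers every n-th rate-limited query with a truncated reply and drops the rest. A TC=1 reply lets a genuine client at the spoofed address retry over TCP.

```python
import struct

def build_query(qid, name, qtype=255):
    """Constructed sample query: one question, QTYPE ANY (255), class IN, RD set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def question_end(msg):
    """Offset just past the first question (labels, root byte, QTYPE, QCLASS)."""
    i = 12
    while msg[i] != 0:
        if msg[i] & 0xC0:
            raise ValueError("compressed or invalid label in question name")
        i += 1 + msg[i]
    return i + 1 + 4

def minimal_reply(query, tc=False, rcode=0):
    """Header plus echoed question and no records: the smallest valid reply."""
    qid, qflags = struct.unpack("!HH", query[:4])
    flags = 0x8000 | (qflags & 0x7900)   # QR=1, keep opcode and RD from the query
    if tc:
        flags |= 0x0200                  # TC=1: client should retry over TCP
    flags |= rcode & 0x000F              # 5 = REFUSED
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + query[12:question_end(query)]

def over_limit_action(n, slip):
    """Action for the n-th (1-based) rate-limited query; slip=0 drops everything."""
    return "truncate" if slip and n % slip == 0 else "drop"

def reply_flags(msg):
    return struct.unpack("!H", msg[2:4])[0]

if __name__ == "__main__":
    q = build_query(0x1234, "example.com")
    for label, reply in (("TC=1", minimal_reply(q, tc=True)),
                         ("REFUSED", minimal_reply(q, rcode=5))):
        print(f"{label:8} {len(reply)} bytes for a {len(q)}-byte query, "
              f"flags=0x{reply_flags(reply):04x}")
    print([over_limit_action(n, 2) for n in range(1, 5)])
```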


