[dns-operations] dns-operations at lists.dns-oarc.net

[Chris Adams]

Once upon a time, Patrick W. Gilmore <patrick at ianai.net> said:
> If you are looking for DDoS resilience, the answer is not "X times normal".  A DDoS is not a multiple of your normal traffic, it is whatever the botnet can throw at you.

The OP asked about caching DNS servers.  In general, you should only be
providing caching DNS services to your own network, not the Internet at
large.  Inside your network, you should be implementing BCP38; you
shouldn't have to deal with spoofing within your own network.

At that point, random botnets are not the problem.  If you get an
excessive number of queries from a customer, you can shut off the
customer (because either they have broken software or they're infected).

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.