[dns-operations] First experiments with DNS dampening to fight amplification attacks

Lutz Donnerhacke lutz at iks-jena.de
Mon Oct 1 19:30:43 UTC 2012

* Paul Vixie wrote:
> as queries, so there is no bit-level amplification. and the packet level
> replication is attenuated. this makes a DNS RRL server "less attractive"
> than a directed attack, which is literally the best we can hope to
> accomplish here -- the attacks will go on but our authority servers
> don't have to be involved.

That's exactly the result I do observe. Attack(!) traffic decreased from
ten Mbps to two Mbps within weeks.

I do not aim for more.

