[dns-operations] First experiments with DNS dampening to fight amplification attacks

[Ralph Babel]

Jim Reid wrote:

> Besides, a genuine resolver will also have
> a non rate-limiting server to query unless all
> the name servers for some domain are under attack.

... which seems to be the case, at least for the
name servers I have access to: all servers for a
particular domain are attacked concurrently. New name
servers won't be picked up by the attacker(s) in real
time, but eventually, they do get added to their list.