[dns-operations] First experiments with DNS dampening to fight amplification attacks

Ralph Babel rbabel at babylon.pfm-mainz.de
Thu Oct 4 12:12:00 UTC 2012

Jim Reid wrote:

> Besides, a genuine resolver will also have
> a non rate-limiting server to query unless all
> the name servers for some domain are under attack.

... which seems to be the case, at least for the
name servers I have access to: all servers for a
particular domain are attacked concurrently. New name
servers won't be picked up by the attacker(s) in real
time, but eventually, they do get added to their list.

More information about the dns-operations mailing list