[dns-operations] How many kinds of DNS DoS attacks are we trying to stop ?

bert hubert bert.hubert at netherlabs.nl
Thu Sep 27 20:43:30 UTC 2012

On Thu, Sep 27, 2012 at 12:23:12PM -0400, Olafur Gudmundsson wrote:
> I noticed a few comments of the kind "by doing X you make Y
> possible" or "by doing Z you hurt innocent W" .
> Usually when this happens in a debate that reflects a
> partial/non-shared understanding of the problem.

Thanks for this overview. I'd like to add one note.

In general, DoS attacks vary in their sophistication.  It is always possible
to imagine an attack that can't be stopped, but meanwhile it turns out most
attacks are not very sophisticated.

We should therefore not forget to deploy something that works on the not so
sophisticated attacks we see today, and not immediately shoot for the stars.
This might in fact not be achievable.


More information about the dns-operations mailing list