[dns-operations] First experiments with DNS dampening to fight amplification attacks

Mark Andrews marka at isc.org
Fri Sep 28 13:56:18 UTC 2012

Server cookies are the way to go though I would add timestamps so
that server secrets don't need to be changed.  The time stamp would
have to be within X seconds of the servers current concept of time
or it will be treated as a bad cookie.  The time would be concatenated
to the rest of the data to be hashed.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list