[dns-operations] CloudShield advices against dDoS

Robert Edmonds edmonds at isc.org
Wed Feb 20 19:03:30 UTC 2013

Stephane Bortzmeyer wrote:
> http://www.cloudshield.com/applications/dns-control-traffic-load.asp
> My first reaction was "These solutions are incredibly stupid" and my
> second one "But let's check among the experts at the dns-operations ML
> before trolling".

hmm, s/before/while/, maybe.  also, i think you're in the clear, since
their anti-trolling policy only applies to patents and not blog posts:

    Referential Use Only. Third parties may reference CloudShield
    patents. Referential use is prohibited is such use would defame or
    disparage CloudShield, its products, or any other person or entity.


and hey, doesn't this behavior make kaminsky poisoning even easier?

    "If this is true, why should you allow DNS queries with other
    resource records like AAAA, HIP, or SIG to reach your servers?
    [...] This only consumes processing time because they have no
    answer. The best way to handle them is to block it upfront."

Robert Edmonds
edmonds at isc.org

More information about the dns-operations mailing list