[dns-operations] CloudShield advices against dDoS
Robert Edmonds
edmonds at isc.org
Wed Feb 20 19:03:30 UTC 2013
Stephane Bortzmeyer wrote:
> http://www.cloudshield.com/applications/dns-control-traffic-load.asp
>
> My first reaction was "These solutions are incredibly stupid" and my
> second one "But let's check among the experts at the dns-operations ML
> before trolling".
hmm, s/before/while/, maybe. also, i think you're in the clear, since
their anti-trolling policy only applies to patents and not blog posts:
Referential Use Only. Third parties may reference CloudShield
patents. Referential use is prohibited is such use would defame or
disparage CloudShield, its products, or any other person or entity.
(http://www.cloudshield.com/company/patents.asp)
and hey, doesn't this behavior make kaminsky poisoning even easier?
"If this is true, why should you allow DNS queries with other
resource records like AAAA, HIP, or SIG to reach your servers?
[...] This only consumes processing time because they have no
answer. The best way to handle them is to block it upfront."
--
Robert Edmonds
edmonds at isc.org
More information about the dns-operations
mailing list