[dns-operations] DNS ANY requests / UltraDNS

Lutz Donnerhacke lutz at iks-jena.de
Thu Jan 10 08:34:54 UTC 2013

* Colm MacCárthaigh wrote:
> On Wed, Jan 9, 2013 at 4:24 PM, Scott Brynen
><scott.brynen at visioncritical.com> wrote:
>> In an interesting development to this, UltraDNS are starting to REFUSE a
>> UDP/ANY request on some of their name servers.
> Considering that a status=REFUSED response is exactly as large as a
> TC=1 response with no answer section, is there a technical benefit to
> responding with REFUSED?

Both approaches do not help. The traffic generated by such small answers to
spoofed queries is still sufficient to bring the target down. Been there, done
that, got sued.

That's why I switched to a much more aggressive "DNS dampening".

