[dns-operations] responding to spoofed ANY queries

George Michaelson ggm at apnic.net
Thu Jan 10 09:53:36 UTC 2013

On Jan 10, 2013 7:49 PM, "Jim Reid" <jim at rfc1035.com> wrote:

> It would be nice if ANY queries just got thrown away. I can live with the
> breakage that causes. YMMV. However if there was something that generally
> blocked or discarded ANY queries, the bad guys would switch to some other
> QTYPE that can't be blocked without causing significant operational

What makes you think they won't? I mean, isn't this a classic mistake of
cold war defense modelling, that you assume your enemy will use weapons you
can confidently defend against and ignore the ones you suspect you cannot?

ANY has good amplification. If it's not working, they surely will move to
others. Or both. And if it is working they may move to others anyway.

