[dns-operations] responding to spoofed ANY queries
Gilles Massen
gilles.massen at restena.lu
Thu Jan 10 13:35:49 UTC 2013
On 10/1/13 14:10, sthaug at nethelp.no wrote:
>>> It would be nice if ANY queries just got thrown away. I can live with the
>> ANY has good amplification. If it's not working, they surely will move to
>> others. Or both. And if it is working they may move to others anyway.
>
> The bad guys are *already* using other tools than ANY queries - for
> instance, I have seen quite a few amplification attacks based on TXT
> queries.
Which is exactly why I believe it is a tremendously bad idea to burn
parts of the protocol *forever* in order to gain a short-term advantage.
(In case a metric is needed: if the advantage gained is shorter than the
time needed to publish a corrective RFC, don't do it.)
Gilles
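As an added illustration of the amplification numbers the thread is arguing about (this is my own example code, not part of the list discussion and not any operator's implementation), the following builds DNS queries and answers in wire format for a constructed zone called example.test and computes how many bytes a spoofed UDP query of each type draws out of the server. It also shows the operator-side alternative to dropping ANY outright: answering UDP ANY with an empty, truncated (TC=1) response, which forces the real client onto TCP and takes the gain away from a spoofer without retiring the query type. The zone contents, the 4096-byte EDNS buffer and the record sizes are assumptions chosen for the example.

```python
import struct

QTYPE = {"A": 1, "NS": 2, "MX": 15, "TXT": 16, "AAAA": 28, "OPT": 41, "ANY": 255}


def encode_name(name: str) -> bytes:
    """Dotted name -> uncompressed DNS wire format (length-prefixed labels, zero terminator)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def txt_rdata(strings) -> bytes:
    """TXT RDATA: one or more <character-string>s, each a 1-byte length plus up to 255 bytes."""
    out = b""
    for s in strings:
        raw = s.encode("ascii")
        if len(raw) > 255:
            raise ValueError("character-string too long")
        out += bytes([len(raw)]) + raw
    return out


def build_query(qname: str, qtype: str, edns_udp_size: int = 4096) -> bytes:
    """Minimal query: header, one question, optional EDNS0 OPT RR advertising a UDP buffer size.
    edns_udp_size=0 sends a plain (pre-EDNS) query limited to 512-byte UDP answers."""
    arcount = 1 if edns_udp_size else 0
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, arcount)  # RD set
    question = encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1)
    opt = b""
    if edns_udp_size:
        # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", QTYPE["OPT"], edns_udp_size, 0, 0)
    return header + question + opt


def build_response(query: bytes, records, force_truncate: bool = False) -> bytes:
    """Answer `query` from `records` ([(type_name, rdata_bytes), ...]).
    ANY returns every record. A response that would not fit the client's UDP
    buffer (or force_truncate=True) comes back empty with TC=1, telling the
    client to retry over TCP, which a spoofed source address cannot complete."""
    txid, _flags, _qd, _an, _ns, arcount = struct.unpack("!HHHHHH", query[:12])
    i = 12
    while query[i]:                                  # skip qname labels
        i += query[i] + 1
    i += 1
    qtype, _qclass = struct.unpack("!HH", query[i:i + 4])
    question = query[12:i + 4]
    has_edns = arcount == 1
    udp_size = struct.unpack("!H", query[i + 7:i + 9])[0] if has_edns else 512

    wanted = [(t, rd) for t, rd in records if qtype == QTYPE["ANY"] or QTYPE[t] == qtype]
    # Owner name as a compression pointer (0xC00C) to the question name at offset 12.
    answers = b"".join(struct.pack("!HHHIH", 0xC00C, QTYPE[t], 1, 3600, len(rd)) + rd
                       for t, rd in wanted)
    opt = (b"\x00" + struct.pack("!HHIH", QTYPE["OPT"], 4096, 0, 0)) if has_edns else b""

    flags = 0x8180                                   # QR, RD, RA
    ancount = len(wanted)
    if force_truncate or 12 + len(question) + len(answers) + len(opt) > udp_size:
        flags |= 0x0200                              # TC: "retry me over TCP"
        answers, ancount = b"", 0
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 1 if has_edns else 0)
    return header + question + answers + opt


# Constructed zone for example.test (not real data): a small zone whose TXT
# records (SPF plus a DKIM-style key) dominate the size of an ANY answer.
ZONE = [
    ("A", bytes([192, 0, 2, 1])),
    ("AAAA", bytes.fromhex("20010db8000000000000000000000001")),
    ("MX", struct.pack("!H", 10) + encode_name("mail.example.test")),
    ("NS", encode_name("ns1.example.test")),
    ("NS", encode_name("ns2.example.test")),
    ("TXT", txt_rdata(["v=spf1 ip4:192.0.2.0/24 -all", "k=rsa; p=" + "A" * 200])),
]


def amplification(qtype: str, edns_udp_size: int = 4096, force_truncate: bool = False):
    """(query bytes, response bytes, bytes out per byte in) for one spoofed UDP query."""
    q = build_query("example.test", qtype, edns_udp_size)
    r = build_response(q, ZONE, force_truncate)
    return len(q), len(r), len(r) / len(q)


if __name__ == "__main__":
    for qt in ("A", "TXT", "ANY"):
        print("%-4s query %3d B -> response %3d B, x%.1f" % ((qt,) + amplification(qt)))
    print("ANY, TC=1 over UDP: x%.1f" % amplification("ANY", force_truncate=True)[2])
```

With this zone an A query gives a bit over 1x, a TXT query about 7x and ANY about 10x, which is the point both sides of the thread take for granted: TXT alone is already a useful amplifier, so ANY is not special. The truncated-answer path brings UDP ANY down to exactly 1x while a legitimate resolver still gets its full answer over TCP.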