[dns-operations] responding to spoofed ANY queries

Gilles Massen gilles.massen at restena.lu
Thu Jan 10 13:35:49 UTC 2013


On 10/1/13 14:10, sthaug at nethelp.no wrote:
>>> It would be nice if ANY queries just got thrown away. I can live with the

>> ANY has good amplification. If it's not working, they surely will move to
>> others. Or both. And if it is working they may move to others anyway.
> 
> The bad guys are *already* using other tools than ANY queries - for
> instance, I have seen quite a few amplification attacks based on TXT
> queries.

Which is exactly why I believe it is a tremendously bad idea to burn
parts of the protocol *forever* in order to gain a short term advantage.
(in case a metric is needed: if the advantage gained is shorter than the
time needed to publish a corrective RFC, don't do it)

Gilles
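
The thread contrasts two responses to reflected floods: refusing a whole query type (ANY) versus a measure that does not depend on the attacker's choice of qtype. The following is an added example, not code from the thread or from any nameserver. It replays constructed query-log lines (format, addresses and response sizes are all made up; the 45-byte average query size is an assumption) through three policies: answer everything, refuse ANY, and a sliding-window limiter loosely modelled on response rate limiting (RRL), keyed on the client's /24 plus the response identity. It shows that refusing ANY does nothing against the TXT flood sthaug describes, while the per-response limiter throttles both without burning the qtype.

```python
"""Added example: how three response policies behave against a reflected query flood."""
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Query:
    ts: float        # seconds since start of the sample
    src: str         # source address on the wire; in a reflection attack this is the victim
    qname: str
    qtype: str
    resp_bytes: int  # wire size of the response we would send if we answered


def build_sample_log():
    """Constructed sample (not captured traffic): one honest resolver plus one spoofed flood."""
    honest = [
        "0.10 198.51.100.7 www.example.net A 60",
        "0.40 198.51.100.7 example.net MX 120",
        "0.90 198.51.100.7 example.net TXT 480",
    ]
    # Attacker spoofs 203.0.113.5 and sends 30 ANY queries inside one second...
    any_flood = [f"{1.00 + i * 0.03:.2f} 203.0.113.5 example.net ANY 3100" for i in range(30)]
    # ...then, once ANY stops paying off, 30 TXT queries for a large TXT RRset.
    txt_flood = [f"{2.00 + i * 0.03:.2f} 203.0.113.5 example.net TXT 1800" for i in range(30)]
    return honest + any_flood + txt_flood


def parse_log(lines):
    """Parse 'ts src qname qtype resp_bytes' lines (assumed format), ordered by time."""
    queries = []
    for line in lines:
        ts, src, qname, qtype, size = line.split()
        queries.append(Query(float(ts), src, qname.lower(), qtype.upper(), int(size)))
    return sorted(queries, key=lambda q: q.ts)


def answer_everything(q):
    return True


def refuse_qtypes(blocked=frozenset({"ANY"})):
    """Policy that refuses whole query types (the 'throw ANY away' idea)."""
    return lambda q: q.qtype not in blocked


class ResponseRateLimiter:
    """Sliding-window limiter keyed on (client /24, qname, qtype).

    Loosely modelled on RRL: identical responses toward one client netblock are
    capped whatever the qtype, so a TXT flood is throttled like an ANY flood
    while an ordinary resolver asking varied questions is untouched. Excess
    queries are simply dropped here; real RRL implementations can instead send
    a truncated reply so genuine clients retry over TCP.
    """

    def __init__(self, per_window=5, window=1.0, prefix_len=24):
        self.per_window = per_window
        self.window = window
        self.prefix_len = prefix_len
        self._sent = defaultdict(deque)  # key -> timestamps of responses already sent

    def _key(self, q):
        net = ip_network(f"{q.src}/{self.prefix_len}", strict=False)
        return (str(net), q.qname, q.qtype)

    def __call__(self, q):
        sent = self._sent[self._key(q)]
        while sent and sent[0] <= q.ts - self.window:   # expire old entries
            sent.popleft()
        if len(sent) >= self.per_window:
            return False
        sent.append(q.ts)
        return True


def bytes_answered(queries, policy):
    """Total response bytes a policy lets the server reflect toward q.src."""
    return sum(q.resp_bytes for q in queries if policy(q))


def compare(queries, query_bytes=45):
    """Answered bytes and amplification (answered / sent) per policy.

    query_bytes is an assumed average UDP wire size for the incoming queries.
    """
    policies = {
        "answer all": answer_everything,
        "refuse ANY": refuse_qtypes(),
        "rrl 5/s per prefix": ResponseRateLimiter(),
    }
    sent = len(queries) * query_bytes
    result = {}
    for name, policy in policies.items():
        answered = bytes_answered(queries, policy)
        result[name] = {"bytes": answered, "amplification": round(answered / sent, 1)}
    return result


if __name__ == "__main__":
    for name, stats in compare(parse_log(build_sample_log())).items():
        print(f"{name:20s} {stats['bytes']:>7d} bytes  x{stats['amplification']}")
```

Run as a script it prints one line per policy. With the constructed log, refusing ANY still reflects every byte of the TXT flood toward the spoofed victim, whereas the limiter caps each (prefix, qname, qtype) at five responses per second and leaves the honest resolver's three distinct queries fully answered.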
