[dns-operations] responding to spoofed ANY queries

Florian Weimer fw at deneb.enyo.de
Sat Jan 12 21:45:46 UTC 2013


> The problem is amplification.

No, the actual problem is source address spoofing.

> It can only be mitigated.

The spoofing problem could be mitigated if we actually wanted to, and
were willing to punish those who try to send their pollution to the
rest of the network.

We just need to admit that self-regulation by the industry has failed
to address this matter adequately.



More information about the dns-operations mailing list