[dns-operations] responding to spoofed ANY queries

Frank Bulk frnkblk at iname.com
Sun Jan 13 04:18:30 UTC 2013

If the problem is amplification, why not only perform RRL on only those DNS
communications exchanges that have certain amplification factor (i.e. 1.5).


-----Original Message-----
From: dns-operations-bounces at lists.dns-oarc.net
[mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of SM
Sent: Thursday, January 10, 2013 8:34 AM
To: ggm at apnic.net
Cc: dns-operations at lists.dns-oarc.net
Subject: Re: [dns-operations] responding to spoofed ANY queries

Hi George,
At 01:53 10-01-2013, George Michaelson wrote:
>What makes you think they won't? I mean, isn't this a classic 
>mistake of cold war defense modelling, that you assume your enemy 
>will use weapons you can confidently defend against and ignore the 
>ones you suspect you cannot?

There are parallels with antispam.  The current suspect (ANY queries) 
will be considered as bad.  Abusers will move to the next low-hanging 
fruit  [1].  I would have to do something about the low-hanging fruit 
if it turns into an operational problem.

The problem is amplification.  It can only be mitigated.



dns-operations mailing list
dns-operations at lists.dns-oarc.net
dns-jobs mailing list

More information about the dns-operations mailing list