[dns-operations] responding to spoofed ANY queries
frnkblk at iname.com
Sun Jan 13 04:18:30 UTC 2013
If the problem is amplification, why not perform RRL on only those DNS
communications exchanges that have a certain amplification factor (i.e. 1.5)?
From: dns-operations-bounces at lists.dns-oarc.net
[mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of SM
Sent: Thursday, January 10, 2013 8:34 AM
To: ggm at apnic.net
Cc: dns-operations at lists.dns-oarc.net
Subject: Re: [dns-operations] responding to spoofed ANY queries
At 01:53 10-01-2013, George Michaelson wrote:
>What makes you think they won't? I mean, isn't this a classic
>mistake of cold war defense modelling, that you assume your enemy
>will use weapons you can confidently defend against and ignore the
>ones you suspect you cannot?
There are parallels with antispam. The current suspect (ANY queries)
will be considered as bad. Abusers will move to the next low-hanging
fruit. I would have to do something about the low-hanging fruit
if it turns into an operational problem.
The problem is amplification. It can only be mitigated.
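
The suggestion in the top reply, rate limiting only exchanges whose response-to-query size ratio reaches 1.5, sketched as an added example. It is not code from this thread or from any RRL implementation; the rate, burst, netblock prefix lengths and the sample packet sizes are assumptions.

```python
import ipaddress
from dataclasses import dataclass

AMP_THRESHOLD = 1.5  # factor suggested in the post
RATE = 5.0           # assumed: amplifying responses allowed per second per block
BURST = 5.0          # assumed: token bucket capacity
PREFIX = {4: 24, 6: 56}  # assumed: account per client netblock, not per address

@dataclass
class Bucket:
    tokens: float
    last: float

class AmplificationLimiter:
    def __init__(self):
        self.buckets = {}

    def decide(self, src, query_len, response_len, now):
        """Return 'send' or 'drop' for one UDP query/response exchange."""
        if query_len <= 0:
            raise ValueError("query_len must be positive")
        if response_len / query_len < AMP_THRESHOLD:
            return "send"  # below the threshold: never rate limited
        ip = ipaddress.ip_address(src)
        block = ipaddress.ip_network(f"{src}/{PREFIX[ip.version]}", strict=False)
        b = self.buckets.setdefault(block, Bucket(BURST, now))
        b.tokens = min(BURST, b.tokens + (now - b.last) * RATE)  # refill
        b.last = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return "send"
        return "drop"

# Constructed sample: (source, query bytes, response bytes, time in seconds)
SAMPLE = ([("192.0.2.10", 64, 3000, 0.0)] * 8     # large answers, factor ~47
          + [("192.0.2.10", 64, 80, 0.0),          # factor 1.25, not limited
             ("192.0.2.10", 64, 3000, 1.0)])       # bucket refilled a second later

def replay(events):
    limiter = AmplificationLimiter()
    return [limiter.decide(*e) for e in events]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, verdict)
```

The bucket is shared by every client in the netblock, so legitimate resolvers there also lose large answers while the limit is being hit.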