[dns-operations] summary of recent vulnerabilities in DNS security.

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Oct 22 12:13:17 UTC 2013


On Tue, Oct 22, 2013 at 10:48:52AM +0100,
 Tony Finch <dot at dotat.at> wrote 
 a message of 43 lines which said:

> Apart from avoiding fragments, are there other ways to mitigate this
> attack?

If I remember correctly, in her paper, Shulman mentioned possible
rules at the registry: limiting the maximum number of name servers per
domain, the length of the name servers' names, etc. This is to make
more difficult to force the registry's name servers to send big
answers.




More information about the dns-operations mailing list