[dns-operations] DNS Attack over UDP fragmentation

Dan York york at isoc.org
Wed Sep 4 17:01:47 UTC 2013


On 9/4/13 12:12 PM, "Paul Vixie" <paul at redbarn.org> wrote:

>how much more money, brains, and time are we going to collectively waste
>on dns (so, a WOMBAT) to solve the problems dnssec solves, rather than
>just deploying dnssec?

My interest in understanding this attack is to understand how severe it
may be and whether or not it would be prevented by full deployment of
DNSSEC.  If it can be shown that this is a very real issue that DNSSEC
could prevent, there is suddenly another really good argument that can be
used to strongly encourage operators and enterprises to deploy DNSSEC.


Dan York
Senior Content Strategist, Internet Society
york at isoc.org <mailto:york at isoc.org>   +1-802-735-1624
Jabber: york at jabber.isoc.org <mailto:york at jabber.isoc.org>
Skype: danyork   http://twitter.com/danyork


More information about the dns-operations mailing list