[dns-operations] Google DNS used as amplification - aren't they caching?

Paul Wouters paul at nohats.ca
Wed Aug 6 20:33:25 UTC 2014

On Wed, 6 Aug 2014, Casey Deccio wrote:

>       Why does google dns seems so inefficient at caching?
> Google's implementation seems to recursively query for and cache ANY based on the entire set of records for the same name,
> rather than on a per-record basis.  nohats.ca includes an NSEC3PARAM record with TTL 0.  This results in zero caching of ANY
> queries.

I can confirm that changing the signed zone and setting the NSEC3PARAM
TTL to 86400 instantly reduced the stream of ANY queries from a few
hunderd qps to a few qps. (My apologies to whomever is the victim of
this attack - I guess google's cache will be more effectively DDoSing
you now via the open resolvers)

So I guess it's worth poking the recursive resolver people about.


More information about the dns-operations mailing list