[dns-operations] Google DNS used as amplification - aren't they caching?
Paul Wouters
paul at nohats.ca
Wed Aug 6 20:33:25 UTC 2014
On Wed, 6 Aug 2014, Casey Deccio wrote:
> Why does Google DNS seem so inefficient at caching?
>
> Google's implementation seems to recursively query for and cache ANY based on the entire set of records for the same name,
> rather than on a per-record basis. nohats.ca includes an NSEC3PARAM record with TTL 0. This results in zero caching of ANY
> queries.
I can confirm that changing the signed zone and setting the NSEC3PARAM
TTL to 86400 instantly reduced the stream of ANY queries from a few
hundred qps to a few qps. (My apologies to whoever is the victim of
this attack - I guess google's cache will be more effectively DDoSing
you now via the open resolvers)
So I guess it's worth poking the recursive resolver people about.
Paul
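The caching behaviour discussed in this thread, as an added illustration that is not part of the original post or of any real resolver's code: a constructed model of a resolver that caches the whole ANY answer under the set's smallest TTL, next to one that caches per RRset, run against a stand-in for the nohats.ca apex before and after the NSEC3PARAM TTL change. The record types, TTLs and query counts are assumptions chosen for the illustration.

```python
"""Constructed model (not Google's or any real resolver's code) of two ways a
recursive resolver can cache an ANY answer, and what each sends upstream
when one RRset in the set has TTL 0."""
from collections import Counter

# Constructed stand-in for the signed nohats.ca apex: {rtype: ttl}.
ZONE_BEFORE = {"A": 3600, "AAAA": 3600, "MX": 3600, "NSEC3PARAM": 0}
ZONE_AFTER = dict(ZONE_BEFORE, NSEC3PARAM=86400)   # the fix from the thread

class WholeAnswerResolver:
    """Caches the complete ANY answer as one entry whose lifetime is the
    smallest TTL in the set (the behaviour the thread attributes to Google)."""
    def __init__(self, zone):
        self.zone, self.expires_at = zone, None
        self.upstream = Counter()          # qtype -> queries sent to the authority

    def query_any(self, now):
        if self.expires_at is not None and now < self.expires_at:
            return "cache"
        self.upstream["ANY"] += 1          # a TTL 0 member makes this fire every time
        self.expires_at = now + min(self.zone.values())
        return "upstream"

class PerRRsetResolver:
    """Caches each RRset under its own TTL and refetches only the expired ones
    by type; the other RRsets keep being served from cache."""
    def __init__(self, zone):
        self.zone, self.expires_at = zone, {}
        self.upstream = Counter()

    def query_any(self, now):
        hit = True
        for rtype, ttl in self.zone.items():
            if rtype not in self.expires_at or now >= self.expires_at[rtype]:
                self.upstream[rtype] += 1  # only the expired type goes upstream
                self.expires_at[rtype] = now + ttl
                hit = False
        return "cache" if hit else "upstream"

def upstream_load(resolver_cls, zone, n_queries, spacing=0.01):
    """Queries reaching the authority, by qtype, for a burst of n_queries
    ANY queries spaced `spacing` seconds apart."""
    r = resolver_cls(zone)
    for i in range(n_queries):
        r.query_any(i * spacing)
    return dict(r.upstream)

if __name__ == "__main__":
    for zone in (ZONE_BEFORE, ZONE_AFTER):
        print(upstream_load(WholeAnswerResolver, zone, 1000),
              upstream_load(PerRRsetResolver, zone, 1000))
```

With the TTL 0 record present, the whole-answer resolver forwards every one of the 1000 ANY queries to the authority; after the TTL change it forwards one. The per-RRset model still refetches the TTL 0 record each time, but as a small NSEC3PARAM query rather than a full ANY.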