[dns-operations] Storm on the DNS

Jared Mauch jared at puck.nether.net
Thu Dec 17 13:48:59 UTC 2015

> On Dec 16, 2015, at 1:49 AM, Roland Dobbins <rdobbins at arbor.net> wrote:
> On 16 Dec 2015, at 13:39, Yonghua Peng wrote:
>> So we have no valid way to defend a spoofed IP attack?
> Yes, we do.  The issue is complete traceback to the actual sources of the spoofed packets, through multiple administrative domains run by the ignorant, the inept, and/or the indifferent.

For me, what’s important is having multiple planes available for mitigation:

TCP, UDP, v4, v6.

A server that is able to send/receive queries on all will be better suited to deal with a robust set of events.

Basically: Yes, there is a reason to IPv6 enable your DNS server even if your clients are IPv4 only.

- Jared

More information about the dns-operations mailing list