[dns-operations] EDNS vs DDOS scrubbing - was Re: Nice to see Amazon Route 53 remove the EDNS(1) filters for *.co.uk.
Mark Andrews
marka at isc.org
Wed May 27 14:06:09 UTC 2015
In message <22B1AA19-3A88-401D-BCAE-0EBCE2332D22 at arbor.net>, "Roland Dobbins"
writes:
> On 27 May 2015, at 19:00, Mark Andrews wrote:
>
> > Yes, EDNS compliance issues have been traced to scrubbing services and
> > firewalls.
>
> Competent DDoS scrubbing <> EDNS0 problems, FYI. If that's happening
> with some specific scrubbing service, it's because those particular
> organizations are Doing It Wrong.
I agree with you, which is why I said the rules can be changed. At
least one scrubbing service was dropping queries based on EDNS
extension use in the query within the last month or so based on the
feedback on reporting a problem with a DNS server.
Mark
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list