[dns-operations] my answer to "i heard dnssec was a ddos threat, should i avoid it?" on serverfault today
Rodgers, Anthony (DTMB)
RodgersA1 at michigan.gov
Wed Jan 6 22:10:13 UTC 2016
I read it as "DNSSEC is not required *in order* to use EDNS0". In other words, if EDNS0 message size expansion is going to be a factor in DDOS amplification attacks, that can happen whether DNSSEC is used or not.
--
Anthony Rodgers
Security Analyst
Michigan Security Operations Center (MiSOC)
DTMB, Michigan Cyber Security
From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On Behalf Of David Conrad
Sent: Wednesday, January 06, 2016 16:31
To: Paul Vixie <paul at redbarn.org>
Cc: dns-operations at dns-oarc.net
Subject: Re: [dns-operations] my answer to "i heard dnssec was a ddos threat, should i avoid it?" on serverfault today
Paul,
On Jan 6, 2016, at 12:50 PM, Paul Vixie <paul at redbarn.org<mailto:paul at redbarn.org>> wrote:
http://serverfault.com/a/747213/330420
"DNSSEC is not required to use EDNS0"
?
Regards,
-drc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160106/1eb19b80/attachment.html>
More information about the dns-operations
mailing list