[dns-operations] my answer to "i heard dnssec was a ddos threat, should i avoid it?" on serverfault today

Rodgers, Anthony (DTMB) RodgersA1 at michigan.gov
Wed Jan 6 22:10:13 UTC 2016


I read it as "DNSSEC is not required *in order* to use EDNS0". In other words, if EDNS0 message size expansion is going to be a factor in DDOS amplification attacks, that can happen whether DNSSEC is used or not.

--
Anthony Rodgers
Security Analyst
Michigan Security Operations Center (MiSOC)
DTMB, Michigan Cyber Security

From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On Behalf Of David Conrad
Sent: Wednesday, January 06, 2016 16:31
To: Paul Vixie <paul at redbarn.org>
Cc: dns-operations at dns-oarc.net
Subject: Re: [dns-operations] my answer to "i heard dnssec was a ddos threat, should i avoid it?" on serverfault today

Paul,

On Jan 6, 2016, at 12:50 PM, Paul Vixie <paul at redbarn.org<mailto:paul at redbarn.org>> wrote:
http://serverfault.com/a/747213/330420

"DNSSEC is not required to use EDNS0"

?

Regards,
-drc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160106/1eb19b80/attachment.html>


More information about the dns-operations mailing list