[dns-operations] dns retries amplify attack
Tony Finch
dot at dotat.at
Mon Oct 24 10:47:22 UTC 2016
Doug Porter <dsp at dsp.name> wrote:
> We saw as much as a 35x increase in queries toward Dyn (as33517)
> during the attacks (graph attached). I'm curious what other parties
> saw. Do we all need to think harder about preventing a pile on in
> these scenarios?
Recent versions of BIND have recursive client rate limiting which should
reduce the volume of retries to unreachable authoritative servers.
https://kb.isc.org/article/AA-01304
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Irish Sea: East 4 or 5, veering south 3 or 4. Slight or moderate. Fair. Good,
occasionally poor in south.
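
The recursive client rate limiting mentioned in the reply above is configured in `named.conf` roughly as follows. This is an added example, not part of the original post; the numeric limits are constructed for illustration and should be tuned against a resolver's own traffic.

```conf
// named.conf fragment (constructed example; limits are illustrative only)
options {
    recursion yes;

    // Cap the number of simultaneous outstanding fetches to any one
    // authoritative server. Once the cap is reached, further client
    // queries that need that server are answered SERVFAIL ("fail")
    // instead of generating more upstream queries and retries.
    fetches-per-server 200 fail;

    // Cap the number of simultaneous outstanding fetches for names
    // within any one zone, which limits the pile-on when every server
    // for a zone is unreachable.
    fetches-per-zone 100 fail;

    // Controls how the per-server quota adapts to observed timeouts:
    // recalculate every 100 queries; raise the quota when the timeout
    // ratio is below 0.1, lower it when above 0.3; 0.7 is the discount
    // rate of the moving average.
    fetch-quota-params 100 0.1 0.3 0.7;
};
```

Run `named-checkconf` on the file before reloading; a build without the fetch-limit feature will not accept these options.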