[dns-operations] dns retries amplify attack

Tony Finch dot at dotat.at
Mon Oct 24 10:47:22 UTC 2016

Doug Porter <dsp at dsp.name> wrote:

> We saw as much as a 35x increase in queries toward Dyn (as33517)
> during the attacks (graph attached).  I'm curious what other parties
> saw.  Do we all need to think harder about preventing a pile on in
> these scenarios?

Recent versions of BIND have recursive client rate limiting which should
reduce the volume of retries to unreachable authoritative servers.


f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Irish Sea: East 4 or 5,veering south 3 or 4. Slight or moderate. Fair. Good,
occasionally poor in south.

More information about the dns-operations mailing list