[dns-operations] TTL=0; Last known good answer (Re: dns retries amplify attack)

Jared Mauch jared at puck.nether.net
Mon Oct 24 15:23:55 UTC 2016

On Mon, Oct 24, 2016 at 11:47:22AM +0100, Tony Finch wrote:
> Doug Porter <dsp at dsp.name> wrote:
> > We saw as much as a 35x increase in queries toward Dyn (as33517)
> > during the attacks (graph attached).  I'm curious what other parties
> > saw.  Do we all need to think harder about preventing a pile on in
> > these scenarios?
> Recent versions of BIND have recursive client rate limiting which should
> reduce the volume of retries to unreachable authoritative servers.
> https://kb.isc.org/article/AA-01304

	I saw some people return the last known good response w/ TTL=0,
when the authorities are unresponsive.  How widely is this used/configured?

	- Jared

Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

More information about the dns-operations mailing list