[dns-operations] TTL=0; Last known good answer (Re: dns retries amplify attack)

Jared Mauch jared at puck.nether.net
Mon Oct 24 16:29:24 UTC 2016


> On Oct 24, 2016, at 12:23 PM, Mukund Sivaraman <muks at isc.org> wrote:
> 
> This will not minimize the number of fetches directed at
> an authoritative server.

I’m not certain of this, e.g. BIND has limits on fetches per NS, so it’s not like 1,000 clients asking for the same QNAME would result in a 1K QPS load on the back side, but these synthesized responses would certainly increase the stub -> recursive query volume, assuming they honor the TTL=0.

- Jared
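The asymmetry described above, as an added toy model that is not part of the original thread and not BIND's code: identical stubs ask one recursive resolver for the same QNAME every second, the recursive coalesces identical in-flight queries into one fetch and caps outstanding fetches to the authoritative server (a crude stand-in for a per-server fetch limit), and a TTL of 0 means nobody caches. The round length, stub count and QNAMEs are constructed.

```python
# Constructed model: one round = one second; every stub re-asks each QNAME
# whenever it has no cached answer. All stubs are identical, so a single
# expiry dict models every stub's cache. Not BIND's logic.

def simulate(rounds, n_stubs, qnames, ttl, fetch_limit):
    """Return stub->recursive, recursive->auth and failed query counts."""
    stub_cache = {}   # qname -> round at which the stubs' copy expires
    rec_cache = {}    # qname -> round at which the recursive's copy expires
    stub_q = auth_q = failed = 0
    for r in range(rounds):
        to_fetch = []
        for q in qnames:
            if stub_cache.get(q, -1) > r:
                continue                      # stubs still have it cached
            stub_q += n_stubs                 # every stub re-asks the recursive
            if rec_cache.get(q, -1) > r:
                stub_cache[q] = rec_cache[q]  # served from recursive cache
                continue
            to_fetch.append(q)                # n_stubs identical queries -> 1 fetch
        for i, q in enumerate(to_fetch):
            if i >= fetch_limit:
                failed += n_stubs             # over the cap: no answer this round
                continue
            auth_q += 1
            if ttl > 0:
                rec_cache[q] = stub_cache[q] = r + ttl
    return {"stub_to_recursive": stub_q,
            "recursive_to_auth": auth_q,
            "failed": failed}

if __name__ == "__main__":
    name = ["www.example.com."]   # constructed QNAME
    # 1,000 stubs for 10 seconds: TTL=0 vs a 300 s TTL, fetch cap of 4
    print("ttl=0  ", simulate(10, 1000, name, ttl=0, fetch_limit=4))
    print("ttl=300", simulate(10, 1000, name, ttl=300, fetch_limit=4))
```

With TTL=0 the recursive still sends only one fetch per second for the coalesced QNAME, while the stub-side volume is 1,000 queries per second instead of 1,000 total over the TTL.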