[dns-operations] "Poorly configured DNSSEC servers at root of DDoS attacks"

[Georg Kahest]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 09/02/2016 10:44 AM, Stephane Bortzmeyer wrote:
> Apparently, "poorly configured" == "accepts ANY queries". One more
> bad article in the media:
> 
> http://www.infoworld.com/article/3109581/security/poorly-configured-dn
ssec-servers-at-root-of-ddos-attacks.html
>
> 
_______________________________________________
> dns-operations mailing list dns-operations at lists.dns-oarc.net 
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations 
> dns-operations mailing list 
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> 

Actually the original article from neustrar glances the correct solution
:


Best Practices for Mitigation –For organizations that rely on DNSSEC,
Neustar recommends ensuring that your DNS provider does not respond to
“ANY” queries or has a mechanism in place to identify and prevent misuse
.


https://www.neustar.biz/about-us/news-room/press-releases/2016/dnssec

- -- 
Georg Kahest
System Administrator / Süsteemiadministraator

Eesti Interneti SA   Paldiski mnt 80, 10617 Tallinn
Tel 727 1016  Mobiil 58 50 35 64
www.internet.ee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXyUCSAAoJEFDOdES6xIFjMksP/2PckWziMD8U+3M+zM1O6RFg
pJf49qvQ3vPX76vZf9n+Qf+n8YaOtxuYkuIbquLDLhiIMXr0esPviIhN+p2opPkg
shU0S2aw6/9Zx/obUvjOBDG13Cj3WHrnqMO4z3qbvmt8Ys7EZnFsaxt+brAPp3QW
E72nR5RJNSkQeK+heuYZWva3rFWOhqo3c9c0x+YvCeKxdSrJGzAp0iQhQyDoRh/Z
dDC6S34FMyy9mSDqCBajgWuqF4kC+UtkHoOM41pDNjrV1K6G6XVWHiQh9FC3JMnd
F7jkzlMqFE/+lqBSngQ5b44yXXaupz1QPuffDSePeooJIQPsk/1Pv7ejIhKZsG/O
m+HsouKU79kBx++vD3s25vtXf2RGm5ue/UneS+yPhtlaYattUBnSUnaDNj2mekJj
AUcTcBXojxa/oNPaOn0uma52Y04lpwwO+rTnpRwiBbmd38rK84bNge9TrnB9bYny
zFCMW+SfPUzQpmbIDmP/xEoMQhfOLGCRvpUqH6wuvcWRQVNZW4XcqRA/pMfzbWeo
YuSw6KvvZU0fwhmauKBNxk3gDdZ2J2lBbZIKFTCRCANpVl/WSoUPHUUMcplcvyw4
EAM0AYh08/41X4Lx/ghZFLe7h3eSFSs4nFd94VpFr1OlPoey/1fQYuovg3L/R/pP
F+BApFmlGMMBQgQD5HE1
=T9+j
-----END PGP SIGNATURE-----