[dns-operations] "Poorly configured DNSSEC servers at root of DDoS attacks"

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Sep 2 12:38:20 UTC 2016

On Fri, Sep 02, 2016 at 01:33:08PM +0100,
 Tony Finch <dot at dotat.at> wrote 
 a message of 33 lines which said:

> Dropping responses is likely to cause problems with legitimate ANY
> queries.

And it may help poisoning attacks (the spoofer no longer has a race
with the real server).

More information about the dns-operations mailing list