[dns-operations] "Poorly configured DNSSEC servers at root of DDoS attacks"

Nico CARTRON nicolas at ncartron.org
Fri Sep 2 13:13:06 UTC 2016

On 2 September 2016 at 15:08:26, Daniel Kalchev (daniel at digsys.bg) wrote:

> On 2.09.2016 г., at 15:38, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> On Fri, Sep 02, 2016 at 01:33:08PM +0100,
> Tony Finch <dot at dotat.at> wrote 
> a message of 33 lines which said:
>> Dropping responses is likely to cause problems with legitimate ANY
>> queries.
> And it may help poisoning attacks (the spoofer no longer has a race
> with the real server).

Which is why people go to the trouble of deploying DNSSEC.
Sounds like a dog chasing its own tail, isn’t it? ;)



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160902/f10ea9d2/attachment.html>

More information about the dns-operations mailing list