[dns-operations] if you're banning ANY queries, don't forget to ban SOA as well

Roland Dobbins rdobbins at arbor.net
Sun Sep 4 04:57:24 UTC 2016

On 4 Sep 2016, at 11:42, Roland Dobbins wrote:

> You're generalizing your particular experience.

FWIW, my guess is that attackers launching DNS reflection/amplification 
attacks against Google properties/networks are making the incorrect 
assumption that it would be more problematic for Google to block attack 
traffic sourced from recursive resolvers than from authoritatives.  
That, along with copy-catting and attacker/attack infrastructure 

Most attackers aren't very knowledgable.  The sad part is that their 
suboptimal, poorly-constructed attacks tend to succeed, anyways - not 
against organizations like Google, but against the unprepared.

Roland Dobbins <rdobbins at arbor.net>

More information about the dns-operations mailing list