[dns-operations] if you're banning ANY queries, don't forget to ban SOA as well
Roland Dobbins
rdobbins at arbor.net
Sun Sep 4 04:57:24 UTC 2016
On 4 Sep 2016, at 11:42, Roland Dobbins wrote:
> You're generalizing your particular experience.
FWIW, my guess is that attackers launching DNS reflection/amplification
attacks against Google properties/networks are making the incorrect
assumption that it would be more problematic for Google to block attack
traffic sourced from recursive resolvers than from authoritatives.
That, along with copy-catting and attacker/attack infrastructure
affinities.
Most attackers aren't very knowledgable. The sad part is that their
suboptimal, poorly-constructed attacks tend to succeed, anyways - not
against organizations like Google, but against the unprepared.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the dns-operations
mailing list