[dns-operations] if you're banning ANY queries, don't forget to ban SOA as well

Roland Dobbins rdobbins at arbor.net
Mon Sep 5 17:32:19 UTC 2016

On 5 Sep 2016, at 22:39, Jim Reid wrote:

> This probably won't produce as big a bang for their buck because the 
> response payload for that qtype is unlikely to be as chunky as an ANY 
> response.

See the previous discussion - most DDoS attacks are overkill, most 
reflection/amplification DDoS attacks are overkill.

Also, note that some attackers set up their own domains with large 
records precisely in order to use them for reflection/amplification 

Roland Dobbins <rdobbins at arbor.net>

More information about the dns-operations mailing list