[dns-operations] happy september!
Tony Finch
dot at dotat.at
Tue Sep 6 15:52:22 UTC 2016
Jared Mauch <jared at puck.nether.net> wrote:
>
> This is why I’ve preferred to push ANY to TCP myself. It works and is
> defensible in any/all cases and doesn’t require the user to type +tcp or
> other esoteric options that are non-obvious.
It isn't entirely wonderful.
An attacker that is reflecting off a recursive server can still use your
domain for a big amplification factor. If the attacker is using a lot of
recursive servers, you have to deal with a lot of TCP traffic.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Lundy, Fastnet, Irish Sea: South or southeast 4 or 5, occasionally 6 later
except in Irish Sea. Slight or moderate. Drizzle, fog patches. Moderate,
occasionally very poor.
More information about the dns-operations
mailing list