[dns-operations] "Poorly configured DNSSEC servers at root of DDoS attacks"
Roland Dobbins
rdobbins at arbor.net
Wed Sep 7 19:22:40 UTC 2016
On 7 Sep 2016, at 21:04, Tony Finch wrote:
> The authoritative servers are overloaded because there are too many
> TCP clients.
This is a problem with busy authoritative servers generally. The
sysadmins often don't tune them for high-volume TCP as well as UDP; and
IIRC, the default BIND named.conf setting for the number of simultaneous
TCP connections is still only 100.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the dns-operations
mailing list