[dns-operations] DNS reflection useful without amplification?

Damian Menscher damian at google.com
Thu Sep 8 04:42:07 UTC 2016

On Wed, Sep 7, 2016 at 1:23 AM, Paul Vixie <paul at redbarn.org> wrote:

> << We are ... directly aware of a vast number of routers, switches,
> servers, name servers, firewalls, and other on-path devices whose principal
> bottleneck is packets not bits. That is, these devices might be able to
> receive or forward five hundred megabits per second (500 Mbit/sec) of large
> packets but only fifty megabits per second (50 Mbit/sec) of small
> packets. This is weak engineering on their part but we don't get to judge
> the manufacturers or the operators of these weak devices — we must take
> them into account when planning our defense. >>
> (http://www.circleid.com/posts/20130913_on_the_time_value_of_security_features_in_dns/)
> anyone who considers this claim dubious is invited to provide a
> counterclaim with its own justification. a mere claim of dubiousness with
> neither counter-claim nor justification is not an example of the kind of
> critical thinking we'll have to use to solve any of the internet's security
> problems. feel free to make your counter-claim as a comment on the
> circle-id article quoted above, if you desire persistence.

It's a fine claim, but is unrelated to the subject line of this thread,
"DNS reflection useful without amplification?"  You're simply claiming
amplification is useful for pps (as well as for bps), not that
amplification is not needed.
