[dns-operations] Slow Drip DDOS Attack Research

Warren Kumari warren at kumari.net
Thu Nov 8 08:51:32 UTC 2018


On Thu, Nov 8, 2018 at 3:46 PM Stephane Bortzmeyer <bortzmeyer at nic.fr>
wrote:

> On Wed, Nov 07, 2018 at 08:55:09AM +0700,
>  Warren Kumari <warren at kumari.net> wrote
>  a message of 236 lines which said:
>
> > I'm somewhat surprised that this document makes no mention of DNSSEC
> > / RFC8198 "Aggressive Use of DNSSEC-Validated Cache".
>
> And RFC 8020 too, if the domain is not DNSSEC-signed.
>


Indeed.
W




-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20181108/f57737a8/attachment.html>


More information about the dns-operations mailing list