[dns-operations] Slow Drip DDOS Attack Research

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Nov 8 09:18:18 UTC 2018

On Wed, Nov 07, 2018 at 09:58:55AM -0800,
 Paul Vixie <paul at redbarn.org> wrote 
 a message of 31 lines which said:

> i also question whether open resolvers are truly nec'y for this
> attack.  opendns and google do a lot of rate limiting and have 24x7
> human coverage to detect anomalies. i have to assume that IBM and
> CloudFlare do the same, or else we'd have heard about other
> amplification attacks through those open recursives before now.

OpenDNS and Google Public DNS are public resolvers (managed), not open
resolvers (unmanaged, and probably open by mistake). (RFC 7719,
section 5).

More information about the dns-operations mailing list