[dns-operations] solutions for DDoS mitigation of DNS

Jim Reid jim at rfc1035.com
Thu Apr 2 10:22:21 UTC 2020



> On 2 Apr 2020, at 11:10, Davey Song <songlinjian at gmail.com> wrote:
> 
> I'm very confused that why people on the list are suggesting RRL (even BCP38) to the victim of DoS attack? If I remember correctly, the goal of both RRL and BCP38 is to reduce the chance of participating the attack as a innocent helper.

RRL won’t help with the volume of incoming queries. It will however reduce the volume of outgoing responses which may well be DoS’ing another innocent victim.




More information about the dns-operations mailing list