[dns-operations] solutions for DDoS mitigation of DNS

Davey Song songlinjian at gmail.com
Thu Apr 2 11:19:42 UTC 2020

But Tessa Plum are asking for help when they were under attack with a lot
of UDP requests flooding to the servers.

When a patient with flu asking for help, but his doctor only suggest him to
mask himself avoid he inffectiing others. Wearing masks is generally good
for public but not a cure for that patient.

Given 20Gbps attack, not a huge one, I still think sharing the load among
multiple servers make sense. If possible, some advanced anti-ddos
techniques are available.  There is no cost-free solution for DoS.


On Thu, 2 Apr 2020 at 18:22, Ray Bellis <ray at isc.org> wrote:

> The OP described a spoofed-source amplification attack.
> They are not the "victim", but the unwilling participant.
> RRL is the correct solution for this class of attack.
> Ray
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200402/6a77e688/attachment.html>

More information about the dns-operations mailing list