[dns-operations] solutions for DDoS mitigation of DNS

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Apr 2 16:15:23 UTC 2020


On Thu, Apr 02, 2020 at 09:31:18PM +0800,
 Tessa Plum <tessa at plum.ovh> wrote 
 a message of 7 lines which said:

> I think we can put the devices in our own network to protect such attacks.

Commercial boxes are typically optimised for HTTP, DNS is very
different. I remember a box which was creating an entry in memory for
every source IP address. Even with IPv4, an attack with randomised
addresses was sufficient to kill it. Not even mentioning IPv6 :-)



More information about the dns-operations mailing list