[dns-operations] solutions for DDoS mitigation of DNS
Fred Morris
m3047 at m3047.net
Thu Apr 2 17:23:22 UTC 2020
On Thu, 2 Apr 2020, Davey Song wrote:

> I'm very confused as to why people on the list are suggesting RRL (even
> BCP38) to the victim of DoS attack?

The reason rate limiting, of any kind (not just DNS, not just UDP; TCP SYN
for example), helps in a spoofed source attack is because it makes you a
less nourishing host for the parasites and hopefully they eventually move
on.

It also means that a persistent legitimate party is more likely to get an
answer.

It also means that the true victim (behind the spoofed source address) is
less likely to mitigate by blocking traffic from you (your legitimate
source address when you reply).

--
Fred Morris
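
An added illustration of the effect described in the message above, not part of the original post and not any DNS server's own code: a per-/24 response rate limiter with slip, run over constructed traffic. The rate, burst and slip values, the addresses and the traffic mix are all assumptions chosen for the example.

```python
from collections import Counter
from ipaddress import ip_network

class ResponseRateLimiter:
    """Per-/24 token bucket with slip. Parameter values are illustrative assumptions."""

    def __init__(self, per_second=5, burst=5, slip=2):
        self.rate = per_second          # milli-tokens earned per millisecond
        self.cap = burst * 1000         # bucket size in milli-tokens
        self.slip = slip                # every Nth limited reply is sent truncated
        self.buckets = {}               # prefix -> [milli_tokens, last_ms, limited]

    def decide(self, src_ip, now_ms):
        prefix = str(ip_network(f"{src_ip}/24", strict=False))
        b = self.buckets.setdefault(prefix, [self.cap, now_ms, 0])
        b[0] = min(self.cap, b[0] + (now_ms - b[1]) * self.rate)
        b[1] = now_ms
        if b[0] >= 1000:                # one full token pays for one full answer
            b[0] -= 1000
            return "answer"
        b[2] += 1
        # A truncated (TC=1) reply is no bigger than the query, so it carries no
        # amplification, but lets a real client in this prefix retry over TCP.
        if self.slip and b[2] % self.slip == 0:
            return "truncate"
        return "drop"

def simulate(seconds=10, flood_qps=1000, legit_qps=2):
    """Constructed traffic: a spoofed flood 'from' the victim plus one real resolver."""
    victim, resolver = "198.51.100.7", "203.0.113.20"   # RFC 5737 documentation addresses
    events = [(i * 1000 // flood_qps, victim, "spoofed") for i in range(seconds * flood_qps)]
    events += [(i * 1000 // legit_qps, resolver, "legit") for i in range(seconds * legit_qps)]
    rrl = ResponseRateLimiter()
    stats = {"spoofed": Counter(), "legit": Counter()}
    for now_ms, src, label in sorted(events):
        stats[label][rrl.decide(src, now_ms)] += 1
    return {label: dict(c) for label, c in stats.items()}

if __name__ == "__main__":
    for label, outcome in simulate().items():
        print(label, outcome)
```

Under these assumptions the spoofed source address receives full answers to well under 1% of the flood, while the resolver in an unrelated prefix is answered every time.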