[dns-operations] solutions for DDoS mitigation of DNS

Fred Morris m3047 at m3047.net
Thu Apr 2 17:23:22 UTC 2020


On Thu, 2 Apr 2020, Davey Song wrote:
> I'm very confused why people on the list are suggesting RRL (even
> BCP38) to the victim of a DoS attack?

The reason rate limiting, of any kind (not just DNS, not just UDP; TCP SYN 
for example), helps in a spoofed-source attack is that it makes you a 
less nourishing host for the parasites, and hopefully they eventually move 
on.

It also means that a persistent legitimate party is more likely to get an 
answer.

It also means that the true victim (behind the spoofed source address) is 
less likely to mitigate by blocking traffic from you (your legitimate 
source address when you reply).

--

Fred Morris
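As an added illustration (not part of Fred's post or any list material), the toy model below replays a constructed spoofed-source flood through a simplified response rate limiter, assuming a per-/24 response budget and a "slip" of truncated (TC=1) replies, and shows the two effects described above: far fewer bytes reflected at the spoofed victim, and a retrying legitimate client in the same /24 still getting through.

```python
"""Toy model of DNS response rate limiting (RRL) under a spoofed-source
reflection flood. Added example, not code from the original post; traffic
volumes, addresses and limiter parameters are constructed for illustration."""
from collections import defaultdict

ANSWER_BYTES, SLIP_BYTES = 3000, 60   # large amplified answer vs. a TC=1 stub


class RRL:
    """Per-second budget of identical answers per client /24. Beyond it,
    every `slip`-th excess response is sent as a tiny truncated (TC=1)
    reply so a real client can retry over TCP, which a spoofer cannot."""

    def __init__(self, responses_per_second=5, slip=3):
        self.rps, self.slip = responses_per_second, slip
        self.sent = defaultdict(int)     # (second, /24, qname) -> responses
        self.excess = defaultdict(int)   # (second, /24, qname) -> over budget

    def decide(self, second, src_ip, qname):
        key = (second, ".".join(src_ip.split(".")[:3]), qname)
        self.sent[key] += 1
        if self.sent[key] <= self.rps:
            return "answer"
        self.excess[key] += 1
        return "slip" if self.excess[key] % self.slip == 0 else "drop"


def simulate(limiter=None, seconds=3, flood_per_second=1000,
             victim="198.51.100.7", legit="198.51.100.53"):
    """Replay constructed traffic: a flood of queries spoofed from `victim`
    plus one legitimate client in the same /24 that retries once per second
    (landing mid-flood) until it gets any usable reply. Returns
    (bytes reflected at the victim, second in which the legit client got through)."""
    cost = {"answer": ANSWER_BYTES, "slip": SLIP_BYTES, "drop": 0}
    reflected, answered_at = 0, None
    for sec in range(seconds):
        for i in range(flood_per_second):
            verdict = limiter.decide(sec, victim, "example.com") if limiter else "answer"
            reflected += cost[verdict]          # amplified traffic hitting the victim
            if i == 500 + sec and answered_at is None:   # legit retry lands here
                v = limiter.decide(sec, legit, "example.com") if limiter else "answer"
                if v != "drop":                 # full answer, or TC=1 stub -> TCP retry
                    answered_at = sec
    return reflected, answered_at


if __name__ == "__main__":
    print("no limiter:", simulate(None))
    print("with RRL:  ", simulate(RRL()))
```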


