Wes Hardaker wjhns1 at hardakers.net
Tue Apr 2 15:42:54 UTC 2024

"John Levine" <johnl at taugh.com> writes:

> Another surprise is that I'm getting a lot of repeated DNSKEY queries
> even though the TTL is an hour. One repeat customer is Cloudflare,
> another is pfsense22.plan-gis.net, at some random company in Germany.

Do check/worry about DDoS reflections from UDP requests for DNSKEYs.  A
number of addresses out there do seem to always request large packet
type responses, which is always questionable.  Making sure something
like RRL is on/implemented is a good thing to do as well.

The dnssec-tools servers continue to get many requests for ANY from a
number of addresses that have been sending me queries for years, even
though I blocked them years ago from answering those questions, as
they were clearly malicious in nature (and never caching content).

Wes Hardaker
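As an added illustration of the check above (this is example code written for this page, not anything from Wes Hardaker, the dnssec-tools servers, or any real log): a small script that reads BIND-style querylog lines and flags sources that repeatedly ask over UDP for large-response types (DNSKEY, ANY) for the same name more often than the record's TTL would ever require. A resolver that caches needs the answer at most once per TTL, so every further query inside that window is a "premature repeat"; a high premature-repeat ratio from one address is the pattern a reflector abuse or a non-caching scanner leaves behind. The log line layout, the sample lines, the IP addresses and the thresholds are all constructed assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed BIND querylog-style layout (constructed for this example; adjust the
# pattern to whatever your server actually logs). Flags field: a 'T' means the
# query arrived over TCP, which cannot be used for UDP reflection.
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) client (?:@0x[0-9a-f]+ )?"
    r"(?P<src>[0-9a-fA-F.:]+)#\d+ \([^)]*\): query: (?P<qname>\S+) IN (?P<qtype>\S+) "
    r"(?P<flags>\S+)"
)

# Query types whose answers are large enough to give an amplification factor.
LARGE_RESPONSE_QTYPES = {"DNSKEY", "ANY"}


def parse_line(line):
    """Parse one querylog line into a dict, or return None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f"),
        "src": m["src"],
        "qname": m["qname"].lower().rstrip("."),
        "qtype": m["qtype"].upper(),
        "tcp": "T" in m["flags"],
    }


def premature_repeats(stamps, ttl_seconds):
    """Count queries that arrive less than one TTL after the last 'legitimate' fetch.

    The first query, and the first query after a full TTL has elapsed, are what a
    caching resolver would send; everything in between is a premature repeat.
    """
    premature = 0
    last_fetch = None
    for t in sorted(stamps):
        if last_fetch is not None and (t - last_fetch).total_seconds() < ttl_seconds:
            premature += 1
        else:
            last_fetch = t
    return premature


def find_reflection_suspects(lines, ttl_seconds=3600, min_queries=3, min_premature_ratio=0.5):
    """Return {src: {"queries", "premature", "qtypes"}} for sources that, over UDP,
    repeatedly re-ask for DNSKEY/ANY well inside the TTL."""
    per_key = defaultdict(list)  # (src, qname, qtype) -> [timestamps]
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["tcp"] or rec["qtype"] not in LARGE_RESPONSE_QTYPES:
            continue
        per_key[(rec["src"], rec["qname"], rec["qtype"])].append(rec["ts"])

    per_src = defaultdict(lambda: {"queries": 0, "premature": 0, "qtypes": set()})
    for (src, _qname, qtype), stamps in per_key.items():
        entry = per_src[src]
        entry["queries"] += len(stamps)
        entry["premature"] += premature_repeats(stamps, ttl_seconds)
        entry["qtypes"].add(qtype)

    return {
        src: e
        for src, e in per_src.items()
        if e["queries"] >= min_queries and e["premature"] / e["queries"] >= min_premature_ratio
    }


# Constructed sample log: one UDP DNSKEY repeater, one well-behaved resolver that
# refetches after the TTL, one ANY client over TCP (ignored), one UDP ANY repeater.
SAMPLE_LOG = """\
02-Apr-2024 15:40:01.001 client @0x7f0c1c0a2b20 192.0.2.10#4567 (example.com): query: example.com IN DNSKEY +E(0)K (203.0.113.1)
02-Apr-2024 15:41:02.002 client @0x7f0c1c0a2b20 192.0.2.10#4568 (example.com): query: example.com IN DNSKEY +E(0)K (203.0.113.1)
02-Apr-2024 15:43:03.003 client @0x7f0c1c0a2b20 192.0.2.10#4569 (example.com): query: example.com IN DNSKEY +E(0)K (203.0.113.1)
02-Apr-2024 15:49:04.004 client @0x7f0c1c0a2b20 192.0.2.10#4570 (example.com): query: EXAMPLE.COM IN DNSKEY +E(0)K (203.0.113.1)
02-Apr-2024 15:50:00.000 client @0x7f0c1c0a2b20 192.0.2.10#4571 (example.com): query: www.example.com IN A +E(0)K (203.0.113.1)
02-Apr-2024 15:00:00.000 client @0x7f0c1c0a2b20 198.51.100.7#5353 (example.com): query: example.com IN DNSKEY +E(0)DK (203.0.113.1)
02-Apr-2024 16:05:00.000 client @0x7f0c1c0a2b20 198.51.100.7#5354 (example.com): query: example.com IN DNSKEY +E(0)DK (203.0.113.1)
02-Apr-2024 15:45:00.000 client @0x7f0c1c0a2b20 203.0.113.5#60001 (example.com): query: example.com IN ANY +E(0)TK (203.0.113.1)
02-Apr-2024 15:45:01.000 client @0x7f0c1c0a2b20 203.0.113.5#60002 (example.com): query: example.com IN ANY +E(0)TK (203.0.113.1)
02-Apr-2024 15:45:02.000 client @0x7f0c1c0a2b20 203.0.113.5#60003 (example.com): query: example.com IN ANY +E(0)TK (203.0.113.1)
02-Apr-2024 15:46:00.000 client @0x7f0c1c0a2b20 203.0.113.9#1024 (example.com): query: example.com IN ANY +E(0)K (203.0.113.1)
02-Apr-2024 15:46:00.500 client @0x7f0c1c0a2b20 203.0.113.9#1024 (example.com): query: example.com IN ANY +E(0)K (203.0.113.1)
02-Apr-2024 15:46:01.000 client @0x7f0c1c0a2b20 203.0.113.9#1024 (example.com): query: example.com IN ANY +E(0)K (203.0.113.1)
"""

if __name__ == "__main__":
    for src, e in sorted(find_reflection_suspects(SAMPLE_LOG.splitlines()).items()):
        print(f"{src}: {e['premature']}/{e['queries']} premature repeats for {sorted(e['qtypes'])}")
```

On the sample data only 192.0.2.10 (3 of 4 DNSKEY queries inside the hour) and 203.0.113.9 (2 of 3 ANY queries within a second) are reported; 198.51.100.7 re-asks only after the TTL has passed, and 203.0.113.5 used TCP. Such a list is a starting point for deciding who to rate-limit or refuse, and complements rather than replaces RRL (in BIND, the `rate-limit { responses-per-second N; };` block in `options`), which caps identical responses per client prefix regardless of intent and, by sending truncated "slip" responses, pushes genuine resolvers over to TCP instead of dropping them.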

