[dns-operations] [Ext] dns-operationsMysteries of DNSSEC

Paul Hoffman paul.hoffman at icann.org
Tue Apr 2 16:16:13 UTC 2024


On Apr 2, 2024, at 08:42, Wes Hardaker <wjhns1 at hardakers.net> wrote:

> Do check/worry about DDoS reflections from UDP requests for DNSKEYs.

Why? Of what value is worrying about this? From what you and John says, it's pretty clear that you can't do anything effective to remediate whatever it is they are doing. Recent DDoS stats indicate that redirected DNS over UDP is no longer a significant source in real-world attacks. Short of being fodder for yet another "UDP considered harmful" discussion, why even note this?

--Paul Hoffman





More information about the dns-operations mailing list