[dns-operations] DNSbomb attack
Ondřej Surý
ondrej at sury.org
Tue May 28 05:56:21 UTC 2024
Stephane,
I must say that I am disappointed by the narrative that you are creating here: “this is good reading, but ISC disagrees”.
We actually think the proposed attack is very clever way how to abuse the way modern resolvers work. Our argument is that the existing (default) BIND 9 settings already mitigates the attack to a level that’s just enough. And that’s described in length in the mentioned blogpost by Nicki.
I don’t know why are you trying to create rift where there’s really none.
Ondřej
--
Ondřej Surý (He/Him)
> On 27. 5. 2024, at 17:12, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>
> The paper is good reading:
>
> https://dnsbomb.net/
>
> ISC disagrees:
>
> https://www.isc.org/blogs/2024-dnsbomb/
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list