<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;">
<div style="color: rgb(0, 0, 0);">
<div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font color="#000000" face="Calibri, sans-serif" style="font-size:11pt"><b>From:</b> dns-operations <dns-operations-bounces@dns-oarc.net> on behalf of Florian Weimer <fweimer@redhat.com><br>
<b>Sent:</b> Monday, October 24, 2016 5:09 AM<br>
<b>To:</b> dns-operations@dns-oarc.net<br>
<b>Subject:</b> Re: [dns-operations] Does residential ISPs do rate limit on their local resolvers?</font>
<div> </div>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">On 10/22/2016 06:27 PM, Paul Vixie wrote:<br>
><br>
><br>
> Robert Martin-Legene wrote:<br>
>> I think RRL does not really work so well in this case. It would force<br>
>> the client to TCP. But then on TCP the client could ask for any random<br>
>> string from a victim-zone. A string that the resolver would try to resolve.<br>
><br>
> i think you should build a test network out of a bunch of VM's and find<br>
> out what difference RRL makes in practice against an attack like this.<br>
> the urban legend of "would force the client to TCP" isn't supported by<br>
> theory and likely won't be supported by practice, either. RRL has three<br>
> things it can do when it decides that a query is a duplicate. only one<br>
> involves TC=1. the combination of all three yields systemic attenuation.<br>
<br>
What happens to the recursor with typical RRL deployments on the server <br>
side?<br>
<br>
Is the goal to take out the recursor as completely as possible, so that <br>
its operator is forced to disconnect the client that is spewing garbage <br>
queries?</div>
<div class="PlainText"><br>
</div>
<div class="PlainText">I could imagine that under a huge, tough attack, the authoritative operator may want to "take out the recursor as completely as possible" if the recursor is "spewing garbage queries". But the motivation behind that is that they want to serve the other recursors that carry no attack queries.</div>
<div class="PlainText">If they don't do this, they may end up taking out all recursors almost completely, and no users can be served at all...</div>
<div class="PlainText"><br>
<br>
Thanks,<br>
Florian<br>
<br>
_______________________________________________<br>
dns-operations mailing list<br>
dns-operations@lists.dns-oarc.net<br>
<a id="LPlnk423237" href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" previewremoved="true">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
</div>
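<div class="PlainText">The thread above argues about what RRL actually does to a recursor that relays a random-subdomain attack against a victim zone. The following simulation is an added example, not code from the mailing-list thread or from any DNS server; it models the BIND-style RRL scheme (identical responses to one client netblock share a credit bucket, NXDOMAIN/error responses are keyed on the zone rather than the query name, a bucket may run into a deficit of at most rate*window seconds, and while in deficit every slip-th response is sent truncated with TC=1 instead of dropped). The rate values, the credit arithmetic, the client addresses (RFC 5737 documentation ranges) and the zone name victim.example are constructed assumptions chosen for illustration.</div>

```python
"""Toy model of BIND-style Response Rate Limiting (RRL).

Added example for the dns-operations thread; not code from BIND or from
any poster.  Credit arithmetic, default rates and sample addresses are
simplifying assumptions, not a transcription of BIND's rrl.c.
"""
import ipaddress
import random
from collections import Counter

ANSWER, SLIP, DROP = "answer", "slip", "drop"


class RRL:
    """Per-netblock, per-identical-response token buckets with a penalty deficit."""

    def __init__(self, responses_per_second=5, errors_per_second=5,
                 slip=2, window=15, ipv4_prefix_length=24, ipv6_prefix_length=56):
        self.rps = responses_per_second   # identical positive answers per second
        self.eps = errors_per_second      # NXDOMAIN/error answers per zone per second
        self.slip = slip                  # every slip-th limited response is sent TC=1
        self.window = window              # seconds of deficit a bucket may accumulate
        self.v4len, self.v6len = ipv4_prefix_length, ipv6_prefix_length
        self._credits = {}                # bucket key -> (credit, last_seen_ts)
        self._limited = Counter()         # bucket key -> count of rate-limited responses

    def _netblock(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        plen = self.v4len if addr.version == 4 else self.v6len
        return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

    def _bucket(self, client_ip, qname, qtype, rcode, zone):
        net = self._netblock(client_ip)
        if rcode == "NOERROR":
            # Identical positive answers: same owner name and type to the same netblock.
            return ("resp", net, qname.lower(), qtype), self.rps
        # All NXDOMAIN/error answers from one zone look alike, so a random-label
        # attack collapses into a single bucket keyed on the zone (assumption
        # modelled on BIND's errors-per-second handling).
        return ("err", net, zone.lower()), self.eps

    def decide(self, ts, client_ip, qname, qtype, rcode, zone):
        """Return ANSWER, SLIP (truncated TC=1 reply) or DROP for one response."""
        key, rate = self._bucket(client_ip, qname, qtype, rcode, zone)
        credit, last = self._credits.get(key, (rate, ts))
        elapsed = max(0.0, ts - last)
        credit = min(rate, credit + rate * elapsed)  # refill; burst of one second at most
        credit -= 1.0                                # this response costs one credit
        credit = max(credit, -rate * self.window)    # bound the penalty deficit
        self._credits[key] = (credit, ts)
        if credit >= 0:
            return ANSWER
        self._limited[key] += 1
        if self.slip and self._limited[key] % self.slip == 0:
            return SLIP
        return DROP


def simulate_random_subdomain_attack(qps=1000, seconds=1, seed=1):
    """One recursor relays qps random-label NXDOMAIN queries/s for victim.example.

    Returns the outcome counts plus what neighbouring traffic experiences.
    """
    rng = random.Random(seed)
    rrl = RRL()
    outcome = Counter()
    attacker = "203.0.113.10"            # constructed: recursor relaying the attack
    neighbour = "203.0.113.77"           # constructed: another resolver in the same /24
    elsewhere = "198.51.100.7"           # constructed: a recursor in an unrelated netblock
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    for i in range(qps * seconds):
        ts = i / qps
        label = "".join(rng.choice(alphabet) for _ in range(12))
        outcome[rrl.decide(ts, attacker, f"{label}.victim.example",
                           "A", "NXDOMAIN", "victim.example")] += 1
    end = float(seconds)
    return {
        "attack_answered": outcome[ANSWER],
        "attack_slipped": outcome[SLIP],
        "attack_dropped": outcome[DROP],
        # positive answers use a different bucket, so the same /24 still gets them
        "same_net_positive": rrl.decide(end, neighbour, "www.victim.example",
                                        "A", "NOERROR", "victim.example"),
        # an unrelated netblock has its own error bucket and is unaffected
        "other_net_nxdomain": rrl.decide(end, elsewhere, "nope.victim.example",
                                         "A", "NXDOMAIN", "victim.example"),
        # one second after the attack stops, the /24 is still in deficit for NXDOMAINs
        "same_net_nxdomain_after_1s": rrl.decide(end + 1, neighbour, "typo.victim.example",
                                                 "A", "NXDOMAIN", "victim.example"),
        # after window seconds the deficit has drained and errors are answered again
        "same_net_nxdomain_after_window": rrl.decide(end + 1 + rrl.window, neighbour,
                                                     "typo.victim.example", "A",
                                                     "NXDOMAIN", "victim.example"),
    }


if __name__ == "__main__":
    for k, v in simulate_random_subdomain_attack().items():
        print(f"{k:32s} {v}")
```

<div class="PlainText">With the assumed defaults (errors-per-second 5, slip 2, window 15), 1000 attack queries in one second from one /24 yield 5 full answers, 497 tiny TC=1 replies and 498 drops: the authoritative side's outbound bytes are attenuated far below what the recursor asked for, which is the "systemic attenuation" point, and only the slipped half of the limited traffic could push a client to TCP at all. The model also shows the collateral effect discussed in the thread: other netblocks are untouched, and positive answers for the same /24 still flow, but NXDOMAIN answers for that /24 stay suppressed for the whole penalty window after the attack stops.</div>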
</span></font></div>
</div>
</body>
</html>