DNS Amplification Attacks... and a trivial proposal

Mark Andrews marka at isc.org
Sat Jun 15 02:26:13 UTC 2013


In message <51BBB83A.7040005 at dougbarton.us>, Doug Barton writes:
> Personally I've never understood why RRL wasn't already baked in. The 
> only way a legitimate client could send the same query over and over in 
> a short period of time (intentionally being vague on both terms) is that 
> it is broken. We did the smart thing to solve that problem on the 
> iterative side 10 years ago, I don't know why it's taken so long to 
> solve the auth side. :)
 
Actually it isn't, especially with NATs, firewalls that drop EDNS packets,
etc.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

