DNS Amplification Attacks... and a trivial proposal

Mark Andrews marka at isc.org
Sat Jun 15 02:26:13 UTC 2013

In message <51BBB83A.7040005 at dougbarton.us>, Doug Barton writes:
> Personally I've never understood why RRL wasn't already baked in. The 
> only way a legitimate client could send the same query over and over in 
> a short period of time (intentionally being vague on both terms) is that 
> it is broken. We did the smart thing to solve that problem on the 
> iterative side 10 years ago, I don't know why it's taken so long to 
> solve the auth side. :)
Actually it isn't especially with NATs, firewalls that drop EDNS packets

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list