On Sep 11, 2012, at 11:38 PM, Vernon Schryver wrote: > I fear that the technical note linked from that page fails to emphasize > enough the drawbacks of firewall defenses against DNS reflection attacks
Beyond the DNS-specific issues cited, putting stateful firewalls in front of *any* server, much less busy DNS servers, is contraindicated. It just amazes me that people continue to do this. ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
