On 1 Oct 2012, at 08:33, Paul Vixie wrote:
i'm ready to accept that rate limiting (as specified by DNS RRL) hurts non-spoofing clients who ask "similar enough" questions during the attack. but so far this has not been demonstrated or even described. a real recursive-service initiator may be forced to retry by UDP or even by TCP.
+1. Besides, a genuine resolver will also have a non rate-limiting server to query unless all the name servers for some domain are under attack.
_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
