>
> It would be nice if ANY queries just got thrown away. I can live with the
> breakage that causes. YMMV. However if there was something that generally
> blocked or discarded ANY queries, the bad guys would switch to some other
> QTYPE that can't be blocked without causing significant operational
> problems.
>
> _______________________________________________
>
> What makes you think they won't? I mean, isn't this a classic mistake of
> cold war defense modelling, that you assume your enemy will use weapons you
> can confidently defend against and ignore the ones you suspect you cannot?
>
> ANY has good amplification. If it's not working, they surely will move to
> others. Or both. And if it is working they may move to others anyway.

The bad guys are *already* using other tools than ANY queries - for
instance, I have seen quite a few amplification attacks based on TXT
queries. There's nothing new under the sun...

Steinar Haug, AS 2116
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
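The thread's point, that amplification traffic moves to TXT and other QTYPEs once ANY is filtered, argues for detecting on response-to-query size ratio instead of on QTYPE. The sketch below is an added example, not part of the original messages; the log format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log: "source_ip qtype query_bytes response_bytes".
# Format and values are assumptions for this example, not a real server's log.
SAMPLE_LOG = """\
192.0.2.10 ANY 64 3100
192.0.2.10 ANY 64 3050
192.0.2.10 ANY 64 3120
198.51.100.7 TXT 70 2900
198.51.100.7 TXT 70 2950
198.51.100.7 TXT 70 2875
203.0.113.5 A 60 92
203.0.113.5 AAAA 60 104
203.0.113.5 TXT 66 180
"""

def parse(log):
    """Yield (source, qtype, query_bytes, response_bytes), skipping bad lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[2].isdigit() and parts[3].isdigit()):
            continue
        yield parts[0], parts[1].upper(), int(parts[2]), int(parts[3])

def suspects(log, min_ratio=10.0, min_queries=3):
    """Flag sources by bytes-out/bytes-in ratio, whatever QTYPE they send.

    In a reflection attack the flagged source is the spoofed (victim) address.
    """
    stats = defaultdict(lambda: [0, 0, 0, set()])  # count, in, out, qtypes
    for source, qtype, q, r in parse(log):
        s = stats[source]
        s[0] += 1; s[1] += q; s[2] += r; s[3].add(qtype)
    flagged = {}
    for source, (n, q_in, r_out, qtypes) in stats.items():
        if n >= min_queries and q_in > 0 and r_out / q_in >= min_ratio:
            flagged[source] = (round(r_out / q_in, 1), sorted(qtypes))
    return flagged

def any_only_filter(log):
    """The narrower rule discussed in the thread: match QTYPE ANY only."""
    return sorted({src for src, qtype, _, _ in parse(log) if qtype == "ANY"})

if __name__ == "__main__":
    print("ANY-only rule sees:", any_only_filter(SAMPLE_LOG))
    for source, (ratio, qtypes) in suspects(SAMPLE_LOG).items():
        print(f"{source}: amplification x{ratio} via {','.join(qtypes)}")
```

On the constructed data the ANY-only rule sees one source, while the ratio check also flags the TXT-based traffic and leaves the ordinary resolver client alone.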
