So if I understand correctly, the solution you are advocating is to only answer non-spoofed queries?
On Jan 10, 2013, at 7:23 AM, Jim Reid <[email protected]> wrote: > I agree: provided we're talking about responding to queries from valid > recursors. However we're not. The context is spoofed queries. [See above.] > Responding to these is bad because (a) it chews your bandwidth and CPU; (b) > the replies don't go to the actual source that generated the queries; (c) the > destination of those responses doesn't want or need that inbound traffic. > This is why we agree RRL helps to reduce the damage from spoofed ANY flood > attacks. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
