If the problem is amplification, why not perform RRL on only those DNS communications exchanges that have a certain amplification factor (i.e. 1.5)?

Frank

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of SM
Sent: Thursday, January 10, 2013 8:34 AM
To: [email protected]
Cc: [email protected]
Subject: Re: [dns-operations] responding to spoofed ANY queries

Hi George,
At 01:53 10-01-2013, George Michaelson wrote:
>What makes you think they won't? I mean, isn't this a classic
>mistake of cold war defense modelling, that you assume your enemy
>will use weapons you can confidently defend against and ignore the
>ones you suspect you cannot?

There are parallels with antispam. The current suspect (ANY queries) will be considered as bad. Abusers will move to the next low-hanging fruit [1]. I would have to do something about the low-hanging fruit if it turns into an operational problem.

The problem is amplification. It can only be mitigated.

Regards,
-sm

1. https://lists.dns-oarc.net/pipermail/dns-operations/2006-March/000135.html

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
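
The amplification-factor gate proposed in the first message of this thread, sketched as an added example (not code from the thread's participants or from any RRL implementation). The rate, burst, prefix lengths and class name are assumptions, and the sample traffic is constructed.

```python
import ipaddress

AMP_THRESHOLD = 1.5   # factor taken from the message above
RATE = 5.0            # assumed: tokens (responses) refilled per second per prefix
BURST = 5.0           # assumed: bucket capacity


class AmplificationGatedRRL:
    """Hypothetical token-bucket RRL charged only for responses that amplify."""

    def __init__(self, threshold=AMP_THRESHOLD, rate=RATE, burst=BURST):
        self.threshold, self.rate, self.burst = threshold, rate, burst
        self.buckets = {}  # client prefix -> (tokens, time of last update)

    @staticmethod
    def prefix(addr):
        # Assumed grouping: /24 for IPv4, /56 for IPv6, so that a spoofed
        # victim network shares one bucket.
        ip = ipaddress.ip_address(addr)
        bits = 24 if ip.version == 4 else 56
        return ipaddress.ip_network(f"{addr}/{bits}", strict=False)

    def decide(self, src, query_len, response_len, now):
        """Return 'send' or 'drop' for one UDP query/response pair."""
        if query_len <= 0:
            raise ValueError("query_len must be positive")
        if response_len / query_len < self.threshold:
            return "send"  # below the factor: never rate limited
        key = self.prefix(src)
        tokens, last = self.buckets.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self.buckets[key] = (tokens - 1.0, now)
            return "send"
        self.buckets[key] = (tokens, now)
        return "drop"


def run_sample():
    # Constructed traffic: (source, query bytes, response bytes, seconds)
    rrl = AmplificationGatedRRL()
    events = [("192.0.2.10", 64, 3000, 0.0)] * 8   # factor ~47, one prefix
    events += [("192.0.2.77", 64, 3000, 0.1)]      # same /24, bucket still empty
    events += [("192.0.2.10", 64, 80, 0.1)]        # factor 1.25, bypasses the gate
    events += [("198.51.100.5", 64, 3000, 0.1)]    # other prefix, fresh bucket
    return [rrl.decide(*e) for e in events]
```

The gate leaves any response under the threshold unlimited, so a flood of low-factor responses toward one prefix passes untouched; only the bandwidth multiplication is capped.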
