... Frank Bulk wrote:
> If the problem is amplification, why not only perform RRL on only those DNS
> communications exchanges that have certain amplification factor (i.e. 1.5).

i had not thought of this. now that you're making me do so, i think three things.

first, 1.5X is probably a compelling amplification factor.

second, such a limit would not remove the need to know how many repeated responses are reasonable for some netblock. that consideration does not have gray areas in which we might use response size ratio as a tie breaker.

third, in the rare false positive case, someone getting timeouts and having to retry with either udp or tcp, would have more difficulty diagnosing the cause of that problem if the size of the responses they aren't getting was one of the determining factors of whether they got it.

paul
