Tony Finch writes: > At that point the name server itself is the victim, and there isn't > anything it can do about the attack - DDoS mitigation has to happen well > upstream of the victim.
Well, it's *a* victim, if not the intended target. As someone who runs servers behind a small pipe (and recently had the pipe collapse thanks to an NTP reflection targeted at someone else) I definitely agree with you. As a supporter of RRL, I'll point out that even with overwhelming inbound attack traffic RRL will still help so "isn't anything it can do about the attack" is too bleak. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
