Additionally, https://www.rfc-editor.org/rfc/rfc8906.html explicitly states that DNS servers should answer to requests and not drop them (the exceptions to this rule are very few). If anything, this so called attack shows problems in upstream servers, not in dnsdist.
-Otto > On 20/08/2025 08:57 CEST Otto Moerbeek via dnsdist > <dnsdist@mailman.powerdns.com> wrote: > > > 1. This report is not following responsible disclosure in any way as it is > sent to a public mailing list. We saw you also sent similar report to other > public mailing list. This is very bad practise. > > 2. We do not think the report has merit, read > https://www.dnsdist.org/guides/downstreams.html#securing-the-path-to-the-backend > for the reasons. > > Regards, > > -Otto > > -- > > kind regards, > Otto Moerbeek > Senior Developer PowerDNS > > > Phone: +49 2761 75252 00 Fax: +49 2761 75252 30 > Email: otto.moerb...@open-xchange.com > > > ------------------------------------------------------------------------------------- > Open-Xchange AG, Hohenzollernring 72, 50672 Cologne, District Court Cologne > HRB 95366 > Managing Board: Andreas Gauger, Dirk Valbert, Frank Hoberg, Stephan Martin > Chairman of the Board: Dr. Paul-Josef Patt > > PowerDNS.COM BV, Koninginnegracht 5, 2514 AA Den Haag, The Netherlands > Managing Director: Robert Brandt > ------------------------------------------------------------------------------------- > _______________________________________________ > dnsdist mailing list > dnsdist@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/dnsdist
signature.asc
Description: PGP signature
_______________________________________________ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
