Ted Lemon <[email protected]> wrote:
> One point about repeated queries is that on the list of problems we have in
> the DNS, this probably isn't high. What would the packet rate be for such
> queries as opposed to the other problem queries we see?

I didn't record numbers when I saw this attack, I'm afraid.

One of our authoritative servers was getting a lot of queries from a very large number of different recursive servers. It looked like the attackers were probably using home gateways as amplifiers, and the gateways were getting the records from their recursive servers which were getting the records from us.

In this situation, I could massively reduce the amount of attack traffic by getting small positive cache entries into the recursive servers (and maybe also the gateways, if they have caches).

If you don't give a positive answer then the traffic at the authority will probably increase by multiple decimal orders of magnitude - each query will be retried by the recursive servers, and the answers won't be cached so every query will hit the authorities.

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/ - I xn--zr8h punycode
Northwest Fitzroy, Sole: Northwesterly backing southwesterly for a time later, 5 to 7, decreasing 4 for a time. Rough or very rough. Showers, rain later. Good, occasionally poor later.
