> On 1 Oct 2016, at 16:36, A. Schulze <[email protected]> wrote:
>
>> Could we eliminate the DDoS threat by just turning off UDP?
>>
>> Recursive servers I understand probably have to keep accepting them, but
>> authoritative servers are only intended for recursive servers to query, so
>> would it be safe to just drop port 53 UDP requests?
>
> are there any experiences/opinions on that?

Quite probably. They will be very unhappy ones. The OP hasn’t yet figured out which port number and transport resolving servers use when they query authoritative servers.

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
