Hi all,

We have submitted a new Internet-Draft:
https://datatracker.ietf.org/doc/draft-avoid-large-wildcard-records/

The draft discusses DNS amplification risks caused by oversized records with wildcard owner names, especially in large-scale authoritative DNS hosting environments, and provides operational guidance for mitigation.

Comments and feedback are welcome.

Thanks.

> -----Original Message-----
> From: [email protected]
> Sent: 2026-01-06 15:21:06 (Tuesday)
> To: "Joe Abley" <[email protected]>, "Peng Zuo" <[email protected]>,
>   "Zhiwei Yan" <[email protected]>
> Subject: New Version Notification for draft-avoid-large-wildcard-records-00.txt
>
> A new version of Internet-Draft draft-avoid-large-wildcard-records-00.txt has
> been successfully submitted by Peng Zuo and posted to the
> IETF repository.
>
> Name:     draft-avoid-large-wildcard-records
> Revision: 00
> Title:    Avoid Large Records with a Wildcard Owner Name
> Date:     2026-01-05
> Group:    Individual Submission
> Pages:    7
> URL:      https://www.ietf.org/archive/id/draft-avoid-large-wildcard-records-00.txt
> Status:   https://datatracker.ietf.org/doc/draft-avoid-large-wildcard-records/
> HTMLized: https://datatracker.ietf.org/doc/html/draft-avoid-large-wildcard-records
>
>
> Abstract:
>
>    As DNS hosting becomes increasingly centralized, with multiple zones
>    hosted on shared authoritative name servers, the risk of DNS
>    amplification attacks has grown.  By crafting large DNS records with
>    wildcard owner names, attackers can exploit these shared servers to
>    launch high-volume DDoS amplification attacks.
>
>    This document provides operational guidance for DNS hosting providers
>    to mitigate DDoS risks arising from amplification of responses
>    derived from wildcard owner names.
>
>
>
> The IETF Secretariat
