Hi Peter,

Thanks for your attention and interest.
If you have any issues or suggestions during implementation, please let us know. Feedback from real-world deployments would be especially valuable for improving the document.

Best regards,
Peng

> -----Original Message-----
> From: "Peter Thomassen" <[email protected]>
> Sent: 2026-01-09 00:59:00 (Friday)
> To: 左鹏 <[email protected]>, [email protected]
> Cc: "Nils Wisiol" <[email protected]>
> Subject: [DNSOP] Re: Fw: New Version Notification for
> draft-avoid-large-wildcard-records-00.txt
>
> Hi,
>
> This is an interesting attack vector, especially because of the concentration
> of bandwidth usage between the resolver and the authoritative. The proposed
> solutions are also pretty reasonable.
>
> I think this document is a good idea. We'll likely implement some of the
> proposed measures at deSEC.
>
> Best,
> Peter
>
>
> On 1/6/26 08:35, 左鹏 wrote:
> > Hi ALL,
> >
> > We have submitted a new Internet-Draft:
> >
> > https://datatracker.ietf.org/doc/draft-avoid-large-wildcard-records/
> >
> > The draft discusses DNS amplification risks caused by oversized records
> > with wildcard owner names, especially in large-scale authoritative DNS
> > hosting environments, and provides operational guidance for mitigation.
> >
> > Comments and feedback are welcome.
> >
> > thanks.
> >
> >> -----Original Message-----
> >> From: [email protected]
> >> Sent: 2026-01-06 15:21:06 (Tuesday)
> >> To: "Joe Abley" <[email protected]>, "Peng Zuo" <[email protected]>,
> >> "Zhiwei Yan" <[email protected]>
> >> Subject: New Version Notification for draft-avoid-large-wildcard-records-00.txt
> >>
> >> A new version of Internet-Draft draft-avoid-large-wildcard-records-00.txt
> >> has been successfully submitted by Peng Zuo and posted to the
> >> IETF repository.
> >>
> >> Name:     draft-avoid-large-wildcard-records
> >> Revision: 00
> >> Title:    Avoid Large Records with a Wildcard Owner Name
> >> Date:     2026-01-05
> >> Group:    Individual Submission
> >> Pages:    7
> >> URL:      https://www.ietf.org/archive/id/draft-avoid-large-wildcard-records-00.txt
> >> Status:   https://datatracker.ietf.org/doc/draft-avoid-large-wildcard-records/
> >> HTMLized: https://datatracker.ietf.org/doc/html/draft-avoid-large-wildcard-records
> >>
> >>
> >> Abstract:
> >>
> >>    As DNS hosting becomes increasingly centralized, with multiple zones
> >>    hosted on shared authoritative name servers, the risk of DNS
> >>    amplification attacks has grown. By crafting large DNS records with
> >>    wildcard owner names, attackers can exploit these shared servers to
> >>    launch high-volume DDoS amplification attacks.
> >>
> >>    This document provides operational guidance for DNS hosting providers
> >>    to mitigate DDoS risks arising from amplification of responses
> >>    derived from wildcard owner names.
> >>
> >>
> >>
> >> The IETF Secretariat
> >>
> >>
> > _______________________________________________
> > DNSOP mailing list -- [email protected]
> > To unsubscribe send an email to [email protected]
>
> --
> Like our community service? 💛
> Please consider donating at
>
> https://desec.io/
>
> deSEC e.V.
> Möckernstraße 74
> 10965 Berlin
> Germany
>
> Chair of the board: Nils Wisiol
> Register court: AG Berlin (Charlottenburg) VR 37525
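The abstract quoted in this thread concerns large records at wildcard owner names on shared authoritative servers. As an added example (not taken from the draft or written by either poster), here is one way a hosting provider could audit zone data for such RRsets. The 1232-byte limit, the one-record-per-line input format, and the sample zone are assumptions made for illustration.

```python
import re
from collections import defaultdict

HEADER = 12     # fixed DNS message header
RR_FIXED = 12   # per-RR overhead: compressed owner (2) + type, class, TTL, RDLENGTH (10)
LIMIT = 1232    # assumed policy threshold (a common EDNS UDP payload size), not from the draft

def name_wire_len(name):
    """Uncompressed wire length of a name: one length byte per label, plus the root."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return sum(len(l) + 1 for l in labels) + 1

def rdata_len(rtype, rdata):
    """Wire length of RDATA for the record types this sketch understands."""
    if rtype == "A":
        return 4
    if rtype == "AAAA":
        return 16
    if rtype == "TXT":
        # each quoted character-string costs one length byte plus its content
        return sum(1 + len(s.encode()) for s in re.findall(r'"([^"]*)"', rdata))
    return len(rdata.encode())  # rough fallback for other types

def audit(zone_text, limit=LIMIT):
    """Return (owner, type, estimated response bytes) for wildcard RRsets over limit.

    The estimate covers header, question and answer section only, so it is a
    lower bound: DNSSEC signatures, authority/additional data and OPT add more.
    """
    answer_bytes = defaultdict(int)
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        if owner.startswith("*."):
            key = (owner.lower(), rtype.upper())
            answer_bytes[key] += RR_FIXED + rdata_len(rtype.upper(), rdata)
    findings = []
    for (owner, rtype), answer in sorted(answer_bytes.items()):
        size = HEADER + name_wire_len(owner) + 4 + answer  # +4: QTYPE and QCLASS
        if size > limit:
            findings.append((owner, rtype, size))
    return findings

# Constructed sample zone (not real data): eight 200-byte TXT strings under one wildcard.
SAMPLE_ZONE = "\n".join(
    ["www.example.test. 300 IN A 192.0.2.10", "*.app.example.test. 300 IN A 192.0.2.20"]
    + ['*.cdn.example.test. 300 IN TXT "%s"' % (chr(97 + i) * 200) for i in range(8)]
)

if __name__ == "__main__":
    for owner, rtype, size in audit(SAMPLE_ZONE):
        print(f"{owner} {rtype}: ~{size} bytes per response, over the {LIMIT}-byte limit")
```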
