Hello,
During our research on DNS/DNSSEC amplification attacks against the root servers, and while evaluating Anonymous' Operation Global Blackout (we still don't know if this is a hoax...), we came up with an idea which would limit one additional attack.

Let's imagine a query whose source is spoofed as one of the root server IPs, sent to a DNS cache server. The cache does the whole name resolution process and finally sends the reply to the spoofed IP, which in this case is one of the root servers. So this may be additional network traffic during the attack.

The idea is to filter these outgoing replies with a destination IP matching any of the root server IPs and source port 53 on DNS cache servers, so we avoid loading the root servers with these spoofed replies. I hope this does not drop legitimate traffic, so let me know if this is a bad idea. :)

best regards,
Ivo
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
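The filter proposed in the message above, modelled as an added example (not code from the original post, and not BIND's own code). It shows why the rule should not touch legitimate traffic: a recursive cache sends its own queries to the root servers from an ephemeral source port with destination port 53, whereas a reply to a spoofed query travels the other way round, from source port 53 to a root server address. The root server addresses are the ones published in the IANA root hints file (`named.root`); a deployment should load the full list from that file instead of hard-coding a few. The `192.0.2.0/24` addresses, the `Packet` class and the `iptables_rules` helper are constructed for this illustration.

```python
"""Egress filter for spoofed DNS replies addressed to root servers.

A recursive cache never needs to send a DNS reply (UDP source port 53)
to a root server address, because root servers never query recursive
caches. Such a packet can only be the answer to a query whose source
address was spoofed to look like a root server. The filter below drops
exactly that case and leaves the cache's own outbound queries alone.
Added example code, not from the original message or from BIND.
"""
from dataclasses import dataclass
from ipaddress import ip_address

# A few root server addresses as published in the IANA root hints file
# (named.root). A real deployment should load the full list from that
# file rather than hard-coding it here.
ROOT_SERVER_IPS = frozenset(ip_address(a) for a in (
    "198.41.0.4",    # a.root-servers.net
    "192.33.4.12",   # c.root-servers.net
    "193.0.14.129",  # k.root-servers.net
    "202.12.27.33",  # m.root-servers.net
))

DNS_PORT = 53


@dataclass(frozen=True)
class Packet:
    """Minimal view of an outbound packet as seen by an egress filter (constructed type)."""
    proto: str       # "udp" or "tcp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def is_spoofed_root_reply(pkt: Packet) -> bool:
    """True if the packet is a DNS reply (source port 53) addressed to a root server IP.

    Only UDP is considered: a TCP reply cannot reach a spoofed address,
    because the three-way handshake never completes.
    """
    return (pkt.proto == "udp"
            and pkt.src_port == DNS_PORT
            and ip_address(pkt.dst_ip) in ROOT_SERVER_IPS)


def egress_verdict(pkt: Packet) -> str:
    """Verdict the filter would give for one outbound packet."""
    return "DROP" if is_spoofed_root_reply(pkt) else "ACCEPT"


def iptables_rules(chain: str = "OUTPUT") -> list:
    """Render the same policy as iptables rules (illustrative, one rule per root address)."""
    return [f"iptables -A {chain} -p udp --sport {DNS_PORT} -d {ip} -j DROP"
            for ip in sorted(ROOT_SERVER_IPS)]


# Constructed sample traffic from a cache at 192.0.2.10 (documentation range).
CACHE_IP = "192.0.2.10"
SAMPLE = {
    # The cache's own iterative query to a root server: ephemeral source port.
    "legit_query": Packet("udp", CACHE_IP, 40123, "198.41.0.4", 53),
    # Reply to a query whose source was spoofed as a.root-servers.net.
    "spoofed_reply": Packet("udp", CACHE_IP, 53, "198.41.0.4", 60001),
    # Reply to an ordinary stub resolver: unaffected.
    "client_reply": Packet("udp", CACHE_IP, 53, "192.0.2.77", 51000),
    # TCP query to a root server (e.g. after a truncated UDP answer): unaffected.
    "legit_tcp_query": Packet("tcp", CACHE_IP, 40124, "193.0.14.129", 53),
}


def classify_samples() -> dict:
    """Run every constructed sample packet through the filter."""
    return {name: egress_verdict(p) for name, p in SAMPLE.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:16s} {verdict}")
    print("\n".join(iptables_rules()))
```

Only the `spoofed_reply` sample is dropped; the cache's own UDP and TCP queries to the root servers and its replies to ordinary clients pass. The rule is deliberately narrow: it protects the root server addresses in the list and nothing else, so it reduces the reflected load on the roots but does not stop the cache from answering queries spoofed with any other source address.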