On Mon, Sep 14, 2020 at 01:23:16PM -0700,
Damian Menscher wrote
a message of 87 lines which said:
> > There are a great many public resolvers, the best known ones among
> > which are operated by the major US corporations that have cornered
> > a large proportion of Internet services and are
Hi Stephane-san,
I've read the article. I am suspecting the attack vector is random
subdomain attacks via bad CPEs, they acts open resolvers and
forwarding queries to ISP's resolvers.
Possibly, the real target domain name was exist and the attackers
tried to down the auth servers of the domain.
On Mon, Sep 14, 2020 at 02:54:42PM -0300,
Fernando Gont wrote
a message of 19 lines which said:
> Any more details about the attack? e.e., what vectors they used, etc.?
No, they didn't publish any technical details. Like many people, I saw
the effects (DNS resolution down) but not the
Stephane Bortzmeyer 于2020年9月15日周二 下午3:32写道:
> On Mon, Sep 14, 2020 at 02:54:42PM -0300,
> Fernando Gont wrote
> a message of 19 lines which said:
>
> > Any more details about the attack? e.e., what vectors they used, etc.?
>
> No, they didn't publish any technical details. Like many people, I
bsomers> My argument goes something like this. When a DNS request is
bsomers> sent, the client (whether a stub or a resolver) is the most
bsomers> qualified to know specifics about the "connection" and is also
bsomers> the target of fragmentation attacks.
I'd go the other end of the spectrum.
On Sep 11, 2020, at 1:24 PM, Brian Dickson
wrote:
>
> In short: I would be perfectly okay if the recommendation were ONLY for the
> authority (and server side of resolvers) to lower their default configured
> UDP bufsizes, at which point having a range of recommended values (rather
> than a