On Jan 31, 2013, at 8:29 PM, Tony Finch <[email protected]> wrote: > Keith Mitchell <[email protected]> wrote: >> >> This only works for recursive resolvers - for authoritative nameservers, >> the traffic profiles are such that it's very difficult to >> distinguish between legitimate and attack traffic. > > That isn't true at the moment. There are a number of quite crude but > effective remedies against current amplification attacks, and response > rate limiting should be effective against many future attacks too.
Please do share! :-) - Job
