On 13. 09. 19 10:27, Paul Vixie wrote:
> Petr Špaček via Unbound-users wrote on 2019-09-13 01:15:
>> ...
>>
>> Any implementation which is unable to respond to well-formed queries
>> is just broken and there is no excuse for it.
>
> in DNS RRL (www.redbarn.org/dns/ratelimits) a motive and a method is
> described whereby queries which appear to be uselessly duplicative are
> dropped without response. this is the main method of managed nonparticipation
> in DNS-amplified DDoS attacks.
>
> perhaps this is exempted from your otherwise broad statement, since the
> implementation of DNS RRL does not render an implementation "unable" to
> respond to all well-formed queries, but rather, "unwilling" to do so.

DDoS is a special case, of course.

--
Petr Špaček @ CZ.NIC
