North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DNS deluge for x.p.ctrc.cc
In message <[email protected]>, Rob Thomas w rites: > >Limit UDP queries to 512 bytes. This greatly decreases the >amplification affect, though it doesn't stop it. > Unfortunately, the intention of the DNS developers is just the opposite. Things like DNSSEC require larger packet sizes; in fact, there's a DNS extension (EDNS0) whose purpose, among others, it to permit this. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
|