nanog mailing list archives

Re: DNS hardening, was Re: Dan Kaminsky


From: Florian Weimer <fweimer () bfk de>
Date: Thu, 06 Aug 2009 07:11:35 +0000

* Douglas Otis:

> DNSSEC UDP will likely become problematic.  This might be due to
> reflected attacks,

SCTP does not stop reflective attacks at the DNS level.  To deal with
this issue, you need DNSSEC's denial of existence.  The DNSSEC specs
currently don't allow you to stop these attacks dead in your
resolver, but the data is already there.

-- 
Florian Weimer                <fweimer () bfk de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
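
Added example, not part of the original message: a sketch of how a resolver could use validated NSEC denial-of-existence ranges it has already cached to answer queries for nonexistent names locally instead of forwarding them, which is the behaviour later specified in RFC 8198. Reading the message's remark this way is an assumption; the zone, query names, class and function names are constructed for illustration, and wildcard checks are omitted.

```python
# Added illustration; the zone, names and NSEC chain are constructed sample data.

def canonical_key(name):
    """RFC 4034 section 6.1 canonical order: labels compared right to left,
    lowercased, as octet strings; a missing label sorts first."""
    return [l.encode("ascii") for l in reversed(name.rstrip(".").lower().split("."))]

class NsecCache:
    """Holds NSEC (owner, next) pairs assumed to be already DNSSEC-validated."""

    def __init__(self, apex):
        self.apex = canonical_key(apex)
        self.gaps = []

    def add_nsec(self, owner, next_name):
        self.gaps.append((canonical_key(owner), canonical_key(next_name)))

    def covered(self, qname):
        """True if a cached NSEC proves no name exists at qname.
        Simplification: wildcard expansion is not checked here."""
        q = canonical_key(qname)
        if q[:len(self.apex)] != self.apex:
            return False                      # outside the signed zone
        for owner, nxt in self.gaps:
            if nxt == self.apex:              # last NSEC wraps to the apex
                if q > owner:
                    return True
            elif owner < q < nxt:
                return True
        return False

def forwarded(cache, queries):
    """Queries the resolver would still have to send to the authoritative server."""
    return [q for q in queries if not cache.covered(q)]

def build_sample_cache():
    cache = NsecCache("example.")
    chain = ["example.", "alpha.example.", "mail.example.", "www.example."]
    for owner, nxt in zip(chain, chain[1:] + chain[:1]):
        cache.add_nsec(owner, nxt)
    return cache

# Constructed flood of mostly nonexistent names, as in a spoofed-query attack.
SAMPLE_QUERIES = ["x7f3.example.", "qqq1.example.", "foo.mail.example.",
                  "AAA.example.", "www.example.", "host.other.test."]

if __name__ == "__main__":
    print(forwarded(build_sample_cache(), SAMPLE_QUERIES))
```

Only the existing name and the out-of-zone name reach the authoritative server; every nonexistent name inside the signed zone is answered from the cached ranges.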

