nanog mailing list archives
Re: DNS hardening, was Re: Dan Kaminsky
From: Florian Weimer <fweimer () bfk de>
Date: Thu, 06 Aug 2009 07:11:35 +0000
* Douglas Otis:
DNSSEC UDP will likely become problematic. This might be due to reflected attacks,
SCTP does not stop reflective attacks at the DNS level. To deal with this issue, you need DNSSEC's denial of existence. The DNSSEC specs currently doesn't allow you to stop these attacks dead in your resolver, but the data is already there. -- Florian Weimer <fweimer () bfk de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
Current thread:
- Re: DNS hardening, was Re: Dan Kaminsky, (continued)
- Re: DNS hardening, was Re: Dan Kaminsky Christopher Morrow (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Paul Vixie (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Florian Weimer (Aug 06)
- Re: DNS hardening, was Re: Dan Kaminsky Paul Jakma (Aug 06)
- Re: DNS hardening, was Re: Dan Kaminsky Christopher Morrow (Aug 06)
- Re: DNS hardening, was Re: Dan Kaminsky Paul Vixie (Aug 06)
- Re: DNS hardening, was Re: Dan Kaminsky Ross Vandegrift (Aug 06)
- Re: DNS hardening, was Re: Dan Kaminsky Christopher Morrow (Aug 06)
- Re: DNS hardening, was Re: Dan Kaminsky Steven M. Bellovin (Aug 07)
- Re: DNS hardening, was Re: Dan Kaminsky Douglas Otis (Aug 10)
- Re: DNS hardening, was Re: Dan Kaminsky Florian Weimer (Aug 06)
- A DNSSEC irony Edward Lewis (Aug 06)
- Re: DNS hardening, was Re: Dan Kaminsky Florian Weimer (Aug 06)
- Re: DNS hardening, was Re: Dan Kaminsky Florian Weimer (Aug 06)
- Re: Fwd: Dan Kaminsky Dave Israel (Aug 03)
- Re: Dan Kaminsky Jorge Amodio (Aug 05)