>The entire problem is fundamentally a result of the introduction of EDNS0. >Wwouldn't you agree?
No, that just makes it a little easier. You pound the patoot out of someone with 512 byte packets just as much as you can with 4K packets, just by making your attacking botnet bigger. The real solution is BCP 38, to keep spoofed packets out of the network in the first place. With widely implemented BCP 38, open resolvers wouldn't matter since you could only DoS yourself, or at worst someone else on your own network segment. R's, John _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
