In message <51ba355b.10...@dougbarton.us>, Doug Barton <do...@dougbarton.us> wrote:
>No. You can still get pretty good amplification with 512 byte responses.

That is an interesting contention. Is there any evidence of, or even any reasonably reliable report of any DDoS actually being perpetrated IN PRACTICE using strictly 512 byte packets?

If that's actually a real problem, then I am forced to assume that there must have been numerous reliable reports of successful and devastating DNS reflection DDoS attacks which pre-dated the widespread adoption of EDNS0. I am not sure where or how I would be able to unearth archived but contemporaneous news accounts of such incidents, so if you could send me some links to archived copies of a few such pre-EDNS0 DDoS reports, I sure would appreciate it.

>There is no quick fix.

I will settle for a slow one.

All I am asking of the Internet community is that we at least *begin* the process of implementing something that will really solve the problem once and for all... including even the part of the problems that can arise from non-open DNS servers.

I am not persuaded that we have even really begun in earnest a process that is likely to lead to that result. Almost everybody, even 13 years later, is still hoping for, and praying for, some utterly cost-free and pain-free solution to drop down out of the sky like manna from heaven.

My question is really a simple one: Where are the adults? This problem has gone on long enough.

Regards,
rfg
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users