* Commonly when an answer to a query is larger than UDP should handle, a switch to TCP is required. This can be configurable and done in unexpected ways to thwart DDOS * I do not know of any laws specifically mentioning DNS. General computer system/network laws could apply. * I think there would be some demonstrations out there. I searched for `github dns amplification attack` and saw many.
On Fri, Nov 3, 2023 at 9:21 AM Amaury Van Pevenaeyge < avanpevenae...@outlook.fr> wrote: > Hello everyone, > > > > I'm currently a final year Master's student at the Free University of > Brussels. As part of my Master's thesis, I have to implement a DNS > amplification scenario within a Cyber Range. However, before achieving this > final goal, I first need to make amplification rate measurements within a > virtual machine system. I therefore have a few questions about the DNS > protocol and DNS servers. > > > > - Why do some DNS servers respond via TCP to an ANY query made under > UDP? I have read in RFC8482 that modern DNS servers try to limit responses > to ANY queries in order to limit the impact of their use in DNS > amplification attack but I would like to learn more about the security > measures/best practices currently in place for this type of query and for > big TXT responses. Does anyone have any sources or other RFCs that might be > useful? > > > > - Would you have any advice/recommendations or sources on the legal > Framework to be respected for my Master’s thésis, so that I can carry out > my various measures without being illegal or alerting certain entities? > > > > - Would you have some articles and researches or others about DNS > protocol, DNS protocol security or good research practices for DNS > amplification attacks? > > > > Thank you in advance for your help. I remain at your disposal should you > have any questions. > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- - Andrew "lathama" Latham -
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
