If we have Attacker -> CPE -> Auth -> CPE -> Target why isn't the CPE returning answers from its cache?
How much unauthenticated amplification in the DNS is acceptable? Do we need to authenticate any response that results in amplification? If we do, how do we get from where we are now to where we need to be without breaking everything in the process?

Attackers can hide their attacks in the noise to the extent that only the target will be noticing that an attack is happening. Different qnames within a zone, bouncing off CPE and other recursive servers, using a spread of zones. It's only lack of sophistication in the attack that is making the problem visible at auth servers today. It's only a matter of time before the attack becomes well hidden if we play whack-a-mole.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
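An added illustration of the "hidden in the noise" point, written for this page and not code from the post or from ISC: against a constructed authoritative-server response log, a per-qname counter (the view a simple rate limiter has) never trips for a spoofed destination whose queries are spread over many names and zones, while aggregating bytes per destination makes the amplification visible. All names, addresses and thresholds are constructed for the example.

```python
from collections import defaultdict

# Constructed sample: one tuple per response the auth server sent, as
# (destination_ip, zone, qname, query_bytes, response_bytes).
# 192.0.2.10 is the spoofed destination: 24 distinct names across 4 zones,
# each asked once, so no single (destination, qname) pair ever repeats.
# 198.51.100.5 is an ordinary resolver asking one name eight times.
SAMPLE_LOG = [
    ("192.0.2.10", f"example{z}.test", f"n{i}.example{z}.test", 60, 3000)
    for z in range(4) for i in range(6)
] + [("198.51.100.5", "example0.test", "www.example0.test", 60, 200)] * 8


def per_name_hits(log):
    """Classic per-(destination, qname) counter: what per-name RRL sees."""
    hits = defaultdict(int)
    for dst, _zone, qname, _qb, _rb in log:
        hits[(dst, qname)] += 1
    return hits


def per_destination_totals(log):
    """Aggregate bytes in/out and name and zone spread per destination."""
    totals = defaultdict(lambda: {"qbytes": 0, "rbytes": 0,
                                  "names": set(), "zones": set()})
    for dst, zone, qname, qb, rb in log:
        t = totals[dst]
        t["qbytes"] += qb
        t["rbytes"] += rb
        t["names"].add(qname)
        t["zones"].add(zone)
    return totals


def hidden_amplification_targets(log, per_name_limit=5, amp_ratio=20,
                                 min_rbytes=20000):
    """Destinations that a per-name limiter would pass (no qname repeats more
    than per_name_limit times) yet receive a large, highly amplified byte
    volume in aggregate. Returns (dst, ratio, distinct_names, distinct_zones)."""
    hits = per_name_hits(log)
    flagged = []
    for dst, t in per_destination_totals(log).items():
        worst_name = max(c for (d, _n), c in hits.items() if d == dst)
        ratio = round(t["rbytes"] / t["qbytes"], 1)
        if worst_name <= per_name_limit and ratio >= amp_ratio \
                and t["rbytes"] >= min_rbytes:
            flagged.append((dst, ratio, len(t["names"]), len(t["zones"])))
    return sorted(flagged)
```

Run as-is, only 192.0.2.10 is flagged (50x amplification over 24 names in 4 zones) although its busiest name was queried exactly once.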