On Wed, Mar 6, 2013 at 8:36 AM, <wbr...@e1b.org> wrote:
> I recently helped close down an open recursive resolver. It is still
> getting a lot of queries for isc.org/ANY which get a refused response
> (unless slipped/dropped by RRL). Granted, this doesn't amplify the attack
> since REFUSED is a fairly small packet, but it is still traffic to the
> attacked site.
>
> Seems like a REFUSED response fits into its own RRL category.

Is there any reason why name servers wouldn't simply drop them if they exceed the configured RRL threshold--or even perhaps a lower threshold?

Casey
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
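
A sketch of the idea discussed in this thread: REFUSED responses get their own rate-limit category with their own, possibly lower, threshold, and anything over it is dropped. This is an added example, not code from the thread or from any name server; the class, the limits, the /24 grouping and the sample events are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed per-second limits per response category (constructed values).
LIMITS = {"answer": 5, "refused": 2}
WINDOW = 1.0  # seconds


class ResponseRateLimiter:
    """Fixed-window counter keyed by (client IPv4 /24, response category)."""

    def __init__(self, limits=LIMITS, prefix_len=24):
        self.limits = limits
        self.prefix_len = prefix_len
        self.windows = defaultdict(lambda: [0.0, 0])  # key -> [start, count]

    def _prefix(self, client_ip):
        # Account per prefix, not per address: the (possibly spoofed) source
        # is the attacked site, and its hosts tend to share a network.
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        return str(net)

    def decide(self, client_ip, rcode, now):
        category = "refused" if rcode == "REFUSED" else "answer"
        window = self.windows[(self._prefix(client_ip), category)]
        if now - window[0] >= WINDOW:  # start a new one-second window
            window[0], window[1] = now, 0
        window[1] += 1
        return "send" if window[1] <= self.limits[category] else "drop"


def replay(events):
    """Run (timestamp, client_ip, rcode) events through a fresh limiter."""
    limiter = ResponseRateLimiter()
    return [limiter.decide(ip, rcode, ts) for ts, ip, rcode in events]


# Constructed sample events using documentation address ranges.
SAMPLE = [
    (100.0, "192.0.2.10", "REFUSED"),
    (100.1, "192.0.2.10", "REFUSED"),
    (100.2, "192.0.2.10", "REFUSED"),    # third REFUSED in the window
    (100.3, "192.0.2.77", "REFUSED"),    # same /24, same counter
    (100.4, "192.0.2.10", "NOERROR"),    # separate category
    (100.5, "198.51.100.5", "REFUSED"),  # different /24
    (101.2, "192.0.2.10", "REFUSED"),    # new window
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```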