On Tue, Aug 04, 2015 at 06:15:43PM -0400,
 Ted Lemon <ted.le...@nominum.com> wrote 
 a message of 312 lines which said:

> because the client may be an open resolver that implements cookies,
> and indeed open resolvers that implement cookies will now be
> specially favored as attack vectors.

The vast majority of open resolvers are broken CPE, with a poor and
limited implementation of DNS, or very old BIND not maintained for
years. I think it's unlikely they will be upgraded to support cookies.

> And of course botnet attackers have legit IP addresses and use them,

If you do a reflection attack, or a poisoning attack, you cannot use
your legit IP address.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
