On 16 Oct 2015, at 13:15, Paul Hoffman wrote:

> On 16 Oct 2015, at 10:07, Darcy Kevin (FCA) wrote:
>
>> Let's see, millions of full-service resolvers, times the packet-count
>> differential between UDP and TCP, times the average reload/restart
>> frequency of those full-service resolvers per day/week/month. Can't a
>> case be made from sheer volume?
>
> The root operators have shown no concern about legitimate resolvers
> asking a lot more queries. Given that using TCP for priming helps
> mitigate an injection attack,

Have we characterised this attack at all?

We're talking principally about a risk to resolvers that prime but don't
validate, right?
Joe
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop