Hi Mauricio,

Thank you for your review!

On 12/20/24 22:41, Mauricio Vergara Ereche wrote:
I support this draft. I would only like to see a bit more consideration on section 5 about how to deter malicious attempts from forged/spoofed addresses that might trigger amplification attacks in the future, as this could lead to multiple queries being sent out.

For context, that section has 3-4 paragraphs on this aspect. Paraphrasing, it says that amplification attempts are of little use because a NOTIFY message will trigger a DNS query (e.g., for CDS), which via plain DNS are roughly of equal (and not amplified) size, and that receivers still should have rate limiting by source address and child name.

We'll be happy to add some more guidance, but given the above, we're not sure what exactly to add. If you could suggest some text, that would be highly welcome.

Thanks,
Peter + co-authors
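
A sketch of the receiver-side rate limiting by source address and child name mentioned in the reply above, added here as an illustration; it is not part of the original message or of the draft. The token-bucket approach, the `NotifyLimiter` name, the rate and burst values, and the /24 and /56 source aggregation are all assumptions.

```python
import ipaddress

class NotifyLimiter:
    """Decide whether a received NOTIFY may trigger an outbound CDS query.

    Two token buckets are consulted per message: one keyed on the (possibly
    spoofed) source network and one keyed on the child name. Both must hold
    a token, so a flood from many forged sources for a single child is still
    bounded by the child bucket.
    """

    def __init__(self, rate=1.0, burst=5.0):
        self.rate = rate      # tokens refilled per second (assumed value)
        self.burst = burst    # bucket capacity (assumed value)
        self.buckets = {}     # key -> [tokens, last_refill_time]

    @staticmethod
    def source_key(addr):
        # Aggregate sources by prefix: /24 for IPv4, /56 for IPv6 (assumed widths).
        ip = ipaddress.ip_address(addr)
        plen = 24 if ip.version == 4 else 56
        return ("src", str(ipaddress.ip_network(f"{ip}/{plen}", strict=False)))

    @staticmethod
    def child_key(name):
        # DNS names compare case-insensitively; ignore a trailing root dot.
        return ("child", name.rstrip(".").lower())

    def _refill(self, key, now):
        bucket = self.buckets.setdefault(key, [self.burst, now])
        bucket[0] = min(self.burst, bucket[0] + (now - bucket[1]) * self.rate)
        bucket[1] = now
        return bucket

    def allow(self, src, child, now):
        pair = [self._refill(self.source_key(src), now),
                self._refill(self.child_key(child), now)]
        if any(b[0] < 1.0 for b in pair):
            return False      # drop the NOTIFY; no token is consumed
        for b in pair:
            b[0] -= 1.0
        return True

def queries_sent(limiter, notifies):
    """Count outbound queries triggered by (src, child, time) tuples."""
    return sum(limiter.allow(s, c, t) for s, c, t in notifies)

if __name__ == "__main__":
    # Constructed input: 1000 NOTIFYs for one child from forged sources, all at t=0.
    flood = [(f"10.{i // 256}.{i % 256}.1", "example.com.", 0.0) for i in range(1000)]
    print(queries_sent(NotifyLimiter(), flood))
```
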