On Thu, 9 Aug 2007, Stephane Bortzmeyer wrote:

> On Wed, Aug 08, 2007 at 03:20:56PM -0700,
> william(at)elan.net <[EMAIL PROTECTED]> wrote
> a message of 23 lines which said:
>
> > How is that an "anti DoS" technique when you actually need to return
> > an answer via UDP in order to force next request via TCP?
>
> Because there is no amplification: the UDP response packet can be very
> small.

Actually because it forces authentication of the source (authentication being that the source is a real-live host asking for DNS services). Beyond that trick, the devices I've seen/used also catalog the rates of queries from individual hosts and force a cached answer to be generated locally if the loads get too high (per source).

Sorry this is a bit late to the punch :)
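The two mechanisms discussed in this message, as an added example that is not code from the thread or from any device mentioned in it: a truncated (TC=1) UDP reply that is never larger than the query, so the client must retry over TCP and complete a handshake from its real address, and a per-source query-rate tracker. The names `truncated_reply` and `SourceRates`, the sample query and the limits are assumptions made for illustration.

```python
import struct
from collections import defaultdict

QR, TC = 0x8000, 0x0200          # DNS header flag bits: response, truncated
KEEP = 0x7900                    # opcode and RD are copied from the query

def truncated_reply(query: bytes) -> bytes:
    """Build a TC=1 reply holding only the echoed question (no records)."""
    if len(query) < 12:
        raise ValueError("short DNS header")
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos = 12
    while True:                  # walk the QNAME labels to find its end
        if pos >= len(query):
            raise ValueError("question runs past end of packet")
        length = query[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question")
        pos += length
    pos += 4                     # QTYPE + QCLASS
    if pos > len(query):
        raise ValueError("question runs past end of packet")
    # Answer, authority and additional counts are zero, so any EDNS OPT
    # record in the query is dropped and the reply cannot exceed the query.
    header = struct.pack("!HHHHHH", qid, QR | TC | (flags & KEEP), 1, 0, 0, 0)
    return header + query[12:pos]

class SourceRates:
    """Sliding-window count of queries per source address."""
    def __init__(self, limit: int, window: float = 1.0):
        self.limit, self.window = limit, window
        self.seen = defaultdict(list)

    def over_limit(self, src: str, now: float) -> bool:
        recent = [t for t in self.seen[src] if now - t < self.window]
        recent.append(now)
        self.seen[src] = recent
        return len(recent) > self.limit

# Constructed sample: query for example.com A/IN with an EDNS OPT record
# advertising a 4096-byte UDP payload (40 bytes in total).
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)
                + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
                + b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0))
```

A source flagged by `over_limit` is the point at which the devices described above would answer from a locally generated cached response; that serving path is not modelled here.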