* Douglas Otis: > DNSSEC UDP will likely become problematic. This might be due to > reflected attacks,
SCTP does not stop reflective attacks at the DNS level. To deal with this issue, you need DNSSEC's denial of existence. The DNSSEC specs currently doesn't allow you to stop these attacks dead in your resolver, but the data is already there. -- Florian Weimer <fwei...@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
