[Chugalug] Signing DNS Queries

Dave Brockman dave at brockmans.com
Wed Sep 4 15:08:09 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 9/4/2013 10:35 AM, David White wrote:
> .... or, is what I just described exactly what DNSSEC is (for you
> DNSSEC geeks out there - this is still 1 aspect of DNS I still
> don't fully understand)

No, it does nothing of the sort.  The solution to the DNS
amplification issue is the same thing as what we did when people
started abusing SMTP, we shut off open relays.  Shutting down open
resolvers is the logical outcome.  And if you think DNS amplification
factors are huge, check out SNMP amplification factors....

Regards,

dtb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSJ0zZAAoJEMP+wtEOVbcdIC8H/3MPADOs+mJFqsDXutXER6RW
aIWfBhyumecN+U8AApeha9QnqkEJHCkui0rOoGfVVZSdqtFNvkZqwVFRHO/zu4uz
4B9tSAPdX47Na2wWqpAq+iQhFL2LTMnevr8wfhQvf0JPsS/f3spIARn0pRB2cp0T
UNjleFUDEJlTv6MVTcd3s3Fi0jkybRyFSk8Ja13dOq5FnT0ckMyVGeZNttdvsoWm
53E48WufWfXF6OBKpzDizNpYjSkEMXmrUr1khpCmkfk5mDaHk6f/J9PKLZP2f+yv
djk2yK00OxG82v1T607o+AoqWCbji5smPjkfDVG9+86EPVdh0qa2OCNtSLInI+k=
=vb6o
-----END PGP SIGNATURE-----


More information about the Chugalug mailing list