On Aug 3, 2012, at 10:07 AM, Mohamed Lrhazi wrote: > I guess I should ask the same question about side effects when there are no > configuration mistakes at all :)
One unintended consequence of DNSSEC deployment is that it has made DNS reflection/amplification attacks even easier - rather than have to dork around looking for large TXT records or issuing ANY queries, the attack is guaranteed that he'll get at least a 1300-byte response for all spoofed the queries he issues to DNSSEC-capable DNS servers. ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
