On 02/04/2020 11:10, Davey Song wrote: > I'm very confused that why people on the list are suggesting RRL (even > BCP38) to the victim of DoS attack? If I remember correctly, the goal of > both RRL and BCP38 is to reduce the chance of participating the attack > as a innocent helper. > > In the introduce of RRL (https://kb.isc.org/docs/aa-01000) , it goes : > "RRL helps mitigate DNS denial-of-service attacks by reducing the rate > at which authoritative servers respond to high volumes of malicious > queries. " > > Please correct me .
The OP described a spoofed-source amplification attack. They are not the "victim", but the unwilling participant. RRL is the correct solution for this class of attack. Ray _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
