--- Begin Message ---
On Tue, Mar 28, 2023, 9:23 PM Dave Lawrence <[email protected]> wrote:
> Peter DeVries via dns-operations writes:
> > We almost blocked these because we didn't know what they were but then
> > I stumbled upon one of the old RFC drafts for query minimization and
> > it does mention this as a technique.
>
> Why would you drop them if you had not stumbled on the old draft?
>
> It is very poor form for nameservers to intentionally not respond to
> queries under normal operation. Now if you were getting hammered by
> an unreasonable volume of them that would be another thing.
1/4 - 1/3 of all incoming queries matched this signature during DDoS
attacks. It was potentially a quick help.
In the end this actually helped profile well behaved servers more than
attackers and I will note we did not block this traffic at any point.
> Another relevant draft:
> https://datatracker.ietf.org/doc/html/rfc8906
Not sure how, it doesn't address _. as a use case at all and I only see
testing for minimal EDNS not minimal qname.
Peter
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
