--- Begin Message ---
i think there's language slippage in this thread.

Peter DeVries wrote on 2023-03-29 03:51:

On Tue, Mar 28, 2023, 9:23 PM Dave Lawrence <[email protected]> wrote:

    ...

    It is very poor form for nameservers to intentionally not respond to
    queries under normal operation.  Now if you were getting hammered by
    an unreasonable volume of them that would be another thing.

so, normal operation != during a ddos.

1/4 - 1/3 of all incoming queries matched this signature during DDoS attacks.  It was potentially a quick help.

see also:

http://www.redbarn.org/dns/ratelimits

noting that just about all modern DNS servers have RRL now:

https://duckduckgo.com/?q=dns+rrl&atb=v344-1&ia=web

i suggest linguistic caution when talking about not answering queries. DNS RRL is nonmodal and must be nonmodal. we must not answer questions that should not have been sent, and many of these are easily detected.

hopefully DNS RRL will be on by default at some nearby point in time.

--
P Vixie


--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
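
An added example, not part of the thread and not taken from any DNS server's code: a simplified model of response rate limiting that shows why it can stay on at all times, since normal traffic never reaches the limit and only a flood of identical responses toward one client prefix is cut. The defaults, the bucket key of (client /24, qname, rcode) and the constructed traffic are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

class ResponseRateLimiter:
    """Simplified RRL model (assumed design): always on, limits identical responses."""

    def __init__(self, per_second=5, window=5, slip=2, prefix_len=24):
        self.rate, self.window, self.slip, self.prefix_len = per_second, window, slip, prefix_len
        # bucket key -> [credit, last_seen_second, limited_count]
        self.buckets = defaultdict(lambda: [per_second, None, 0])

    def decide(self, now, client_ip, qname, rcode="NOERROR"):
        """Return 'answer', 'slip' (truncated TC=1 reply) or 'drop' for one response."""
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        b = self.buckets[(net, qname.lower(), rcode)]
        if b[1] is not None:
            # refill for the seconds elapsed, never above one second's allowance
            b[0] = min(self.rate, b[0] + (now - b[1]) * self.rate)
        b[1] = now
        # spend one credit; accumulated debt is bounded by the window
        b[0] = max(b[0] - 1, -self.window * self.rate)
        if b[0] >= 0:
            return "answer"
        b[2] += 1
        # every slip-th limited response goes out truncated so a real client can retry over TCP
        return "slip" if self.slip and b[2] % self.slip == 0 else "drop"

def simulate(events, **kw):
    """Run (second, client_ip, qname) events through one limiter and tally the decisions."""
    rrl = ResponseRateLimiter(**kw)
    tally = defaultdict(int)
    for now, ip, qname in events:
        tally[rrl.decide(now, ip, qname)] += 1
    return dict(tally)

# constructed sample: 200 resolvers in distinct /24s, one query per second each for 3 seconds
NORMAL = [(t, f"10.0.{i}.10", "www.example.com") for t in range(3) for i in range(200)]
# constructed sample: 100 identical queries per second claiming to come from a single /24
FLOOD = [(t, f"203.0.113.{n + 1}", "www.example.com") for t in range(3) for n in range(100)]

if __name__ == "__main__":
    print("normal:", simulate(NORMAL))
    print("flood: ", simulate(FLOOD))
    print("mixed: ", simulate(sorted(NORMAL + FLOOD)))
```

The same limiter instance handles both traffic shapes with no switch between them; in the mixed run the ordinary resolvers keep all of their answers while the flooded prefix is limited.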
