Stephane, I must say that I am disappointed by the narrative that you are creating here: “this is good reading, but ISC disagrees”.
We actually think the proposed attack is very clever way how to abuse the way modern resolvers work. Our argument is that the existing (default) BIND 9 settings already mitigates the attack to a level that’s just enough. And that’s described in length in the mentioned blogpost by Nicki. I don’t know why are you trying to create rift where there’s really none. Ondřej -- Ondřej Surý (He/Him) > On 27. 5. 2024, at 17:12, Stephane Bortzmeyer <[email protected]> wrote: > > The paper is good reading: > > https://dnsbomb.net/ > > ISC disagrees: > > https://www.isc.org/blogs/2024-dnsbomb/ > > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
