4 Nov
2010
4 Nov
'10
7:26 a.m.
On Nov 5, 2010, at 8:21 AM, Sebastian Castro wrote:
The reason I think they are using
is because isc.org is signed and the response is large (1436 bytes) if you query using EDNS0 set.
I've seen more and more of this, making use of various DNSSEC servers/RRs, in the last few weeks. DNSSEC has made it much easier for folks launching amplification/reflection attacks to locate records which return large answers in response to small queries.
-----------------------------------------------------------------------
Roland Dobbins