4 Nov
2010
4 Nov
'10
7:26 a.m.
On Nov 5, 2010, at 8:21 AM, Sebastian Castro wrote:
The reason I think they are using <isc.org, ANY> is because isc.org is signed and the response is large (1436 bytes) if you query using EDNS0 set.
I've seen more and more of this, making use of various DNSSEC servers/RRs, in the last few weeks. DNSSEC has made it much easier for folks launching amplification/reflection attacks to locate records which return large answers in response to small queries. ----------------------------------------------------------------------- Roland Dobbins <rdobbins(a)arbor.net> // <http://www.arbornetworks.com> Sell your computer and buy a guitar.