@dakami Can you comment on DNSSEC & packet amplification? Cc: @eastdakota @davidu I asked @eastdakota (CEO (cont) http://tl.gd/n_1rjbg2p
@sambowne drill -b 8192 txt http://x.dos.dnscrypt.org -> 8 Kb response, without DNSSEC. How is DNSSEC the actual issue here?
-
-
@jedisct1@sambowne http://x.dos.dnscrypt.org is only one server. DNSsec keys are on all servers. -
@ErrataRob It doesn't matter. That is enough to abuse open resolvers not implementing RRLs to DDoS anything. UDP is the issue here. - 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.