Reply to post: This isn't really a DNSSEC issue is it

Is DNSSEC causing more problems than it solves?

Anonymous Coward
Anonymous Coward

This isn't really a DNSSEC issue is it

It's plain old amplification. Sure what's being amplified is bigger in the first instance but DDoS miscreants never seemed to have too much difficulty getting amplification of a small(er) payload to have a big effect, or to find plain DNS requests with large responses. You can hardly level the accusation at DNSSEC just because signed responses are inherently larger - the same accusation stands for any DNS response more than the 'average' number of records/types that is used as part of an amplification attack.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon