[nsd-users] NSD and DNSSEC signature refreshing and ZSK rotation

Paul Wouters paul at nohats.ca
Thu Feb 15 19:25:11 UTC 2018

On Thu, 15 Feb 2018, Michael A. Peters wrote:

> I believe the fear was abuse in DDoS amplification attacks.

That is addressed with DNS-COOKIES and RRL:



And of course, one can use ECC based algorithms to reduce the remaining
amplification. DNS software is getting pretty good at reducing this
harm. Good enough to not use 1024 bit RSA anymore.


More information about the nsd-users mailing list