[nsd-users] NSD and DNSSEC signature refreshing and ZSK rotation
paul at nohats.ca
Thu Feb 15 19:25:11 UTC 2018
On Thu, 15 Feb 2018, Michael A. Peters wrote:
> I believe the fear was abuse in DDoS amplification attacks.
That is addressed with DNS-COOKIES and RRL:
And of course, one can use ECC based algorithms to reduce the remaining
amplification. DNS software is getting pretty good at reducing this
harm. Good enough to not use 1024 bit RSA anymore.
More information about the nsd-users