Hacker News

We could have prevented the replay/amplification DoS attacks that use DNS by making DNS use TCP.

In practice though the only way to "fix" DNS that would've worked in the 80s would've probably been to require the request be padded to larger than the response...



But TCP is way more complex


... yeah? I know? "In practice though the only way to "fix" DNS that would've worked in the 80s would've probably been to require the request be padded to larger than the response..."

It's not as complex as some "mutual authentication" scheme though lmao
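The size rule discussed in this thread, sketched from the responder's side as an added example (not code from any commenter or from a real DNS server): a full answer goes out over UDP only when the request was at least as large as the response, otherwise the reply is a header-plus-question message with the standard TC (truncated) bit set so the client retries over TCP. The function names, the zero-byte trailing padding and the sample messages are assumptions constructed for illustration.

```python
import struct

QR_FLAG = 0x8000  # DNS header flag: this message is a response
TC_FLAG = 0x0200  # DNS header flag: truncated, client should retry over TCP

def build_query(txid, qname, pad_to=0):
    """Constructed query: 12-byte header plus one question, zero-padded to pad_to.
    The trailing zeros stand in for the padding proposed in the thread."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    question = labels + b"\x00" + struct.pack("!HH", 255, 1)  # QTYPE=ANY, QCLASS=IN
    msg = header + question
    return msg + b"\x00" * max(0, pad_to - len(msg))

def question_end(msg):
    """Offset just past the first question (uncompressed name + QTYPE + QCLASS)."""
    i = 12
    while msg[i] != 0:
        i += 1 + msg[i]
    return i + 1 + 4

def truncated_reply(request):
    """Header and echoed question only, with QR and TC set.
    It is never larger than the request that triggered it."""
    txid, flags = struct.unpack("!HH", request[:4])
    header = struct.pack("!HHHHHH", txid, flags | QR_FLAG | TC_FLAG, 1, 0, 0, 0)
    return header + request[12:question_end(request)]

def choose_reply(request, full_response):
    """Apply the rule: a UDP reply may not exceed the size of the request."""
    if len(request) >= len(full_response):
        return full_response
    return truncated_reply(request)

def amplification(request, reply):
    """Bytes sent toward the (possibly spoofed) source per byte received."""
    return len(reply) / len(request)

if __name__ == "__main__":
    small = build_query(0x1234, "example.com")              # 29 bytes
    padded = build_query(0x1234, "example.com", pad_to=512)
    full = small[:29] + b"\xaa" * 483                       # constructed 512-byte answer
    print("no rule:       ", round(amplification(small, full), 1))
    print("rule, unpadded:", amplification(small, choose_reply(small, full)))
    print("rule, padded:  ", amplification(padded, choose_reply(padded, full)))
```

With the rule applied, the reply-to-request ratio never exceeds 1, so a spoofed source address gains nothing from reflection; an unpadded client pays an extra round trip over TCP instead.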



