These are chat archives for CZ-NIC/knot-resolver

Feb 2018
Vladimír Čunát
Feb 12 2018 19:58 UTC
@Mic92 NixOS/nixpkgs#34905
Jörg Thalheim
Feb 12 2018 21:52 UTC
@vcunat is tls-over-dns also vulnerable to dns amplification attacks?
Vladimír Čunát
Feb 12 2018 23:01 UTC
I don't expect there's a real vulnerability. Even for plain TCP I don't think there's a way to redirect answers to someone else.
If there was, I'd rather attack http(s), as the amplification ratio there is orders of magnitude higher, and usually the cost to generate answers is also higher :-)