Re: Re: DNS load research

Guy wrote:
> > -----Original Message-----
> > From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com [mailto:owner-spf-
> > discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Andy Bakun
> > Sent: Wednesday, March 23, 2005 5:26 PM
> > To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
> > Subject: Re: [spf-discuss] Re: DNS load research
> >
> > On Wed, 2005-03-23 at 16:27 -0500, Radu Hociung wrote:
> >
> >
> > > I forgot one thing:
> > >
> > > After a few minutes of thinking how to fix this, admins figure out that
> > > by setting their servers to not respond to TXT queries makes the problem
> > > go away in seconds. UDP queries are not long lived, so if all TXT
> > > records disapeared at the same time, it would take only a few seconds
> > > for the storm to go away.
> > >
> > > In other words, take SPF away, and the internet is back on its feet.
> > >
> > > So how do you explain that SPF is not do blame?
> > Removing the SPF check stopped the virus from spreading?  Seems all
> > you've done is greased the channel it was using to propagate, since it
> > takes less time to use the same amount of bandwidth.
>  
> That is not what Radu said!  He made no claim that the virus would stop,
> just the DDOS attack.  In fact, he did not say the DDOS would stop, just
> that the internet would be back on its feet.  Maybe not running, but
> standing anyway.
Thank you Guy, that is exactly what I meant. In fact, removing the TXT 
records would only take the amplification factors away. At that point 
this virus would become as tame as any other.
Radu