BCP 140

RFC 5358

Preventing Use of Recursive Nameservers in Reflector Attacks, October 2008

Canonical URL:
https://www.rfc-editor.org/bcp/bcp140.txt
File formats:
Plain TextPDF
Status:
BEST CURRENT PRACTICE
Authors:
J. Damas
F. Neves
Stream:
IETF
Source:
dnsop (ops)

Cite this BCP: TXT

Discuss this RFC: Send questions or comments to iesg@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document describes ways to prevent the use of default configured recursive nameservers as reflectors in Denial of Service (DoS) attacks. It provides recommended configuration as measures to mitigate the attack. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader



Search RFCs
Advanced Search
×