A recent report raiseed concerns about the abuse of DNSSEC to conduct DDoS attacks. The article reported that DNSSEC-signed domains can be used to conduct reflected DDoS attacks with large amplification factors (averaging 28.9x in their study) that could potentially cripple victim servers. The report went on to recommend that organizations deploying DNSSEC should configure their DNS servers to prevent this and other types of abuse. While this report presents some useful information about the … More ?
See more here:
DNSSEC: Don’t throw the baby out with the bath water