DDoS attacks threaten Internet security and stability, with attacks reaching
the Tbps range. A popular approach involves DNS-based reflection and
amplification, a type of attack in which a domain name, known to return a large
answer, is queried using spoofed requests. Do the chosen names offer the
largest amplification, however, or have we yet to see the full amplification
potential? And while operational countermeasures are proposed, chiefly limiting
responses to ‘ANY’ queries, up to what point…