[colug-432] DNS Amplification Attack

[Rick Troth]

Can someone explain to me how a DNS server is "open" to a DNS
"amplification attack"?

If I understand the basic concept, the reply addr is bogus (and is the
target of the attack).  What I don't understand is how I'm supposed to
secure my DNS server from assisting the bad guys.  If my DNS server is
supposed to answer queries for my domain, how do I ensure that it only
handles legit queries?


-- 
-- R;   <><