Why hasn't UDP undergone any serious revisions in a long time? DNS is fast and critical, and one of the Achilles' heels of the modern internet. You can forge DNS servers, overload them, or even take down large portions of the internet from lay access by attacking them. And as this article mentions, you can use a deflection attack to build a massive DDoS attack.
/via +Wayne Radinsky
How to Launch a 65Gbps DDoS, and How to Stop One – CloudFlare blog
Yesterday I posted a post mortem on an outage we had Saturday. The outage was caused when we applied an overly aggressive rate limit to traffic on our network while battling a determined DDoS attacker…
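The attack the post alludes to is DNS reflection/amplification: a spoofed UDP query is tiny, the resolver's answer is large and is delivered to whoever the forged source address names, and the mitigation the linked CloudFlare piece is about is rate limiting, which hurts legitimate users when it is too coarse. The following is an added example, not code from the original post or from CloudFlare: it builds a real-format EDNS0 ANY query in pure Python, synthesizes the kind of reply an open resolver would return, measures the amplification, and sketches BIND-style response rate limiting (RRL) keyed on the response identity with a "slip" truncated reply. All names, TXT records, addresses and RRL parameters are constructed for illustration.

```python
"""DNS reflection/amplification and response rate limiting (RRL).

Added example, not code from the original post or from CloudFlare: all
names, TXT records, addresses and RRL parameters below are constructed
for illustration and are not real traffic or real zone data.
"""
import ipaddress
import struct
from collections import defaultdict


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels plus a 0x00 root."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(name, qtype=255, txid=0x1234, edns_payload=4096):
    """A DNS query with an EDNS0 OPT record advertising a large UDP buffer.
    qtype 255 (ANY) plus a big payload size is the classic amplification
    vector: the attacker sends this ~40-byte UDP datagram with the victim's
    address spoofed as the source, so the reply lands on the victim."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 Q, 1 AR
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE 41, CLASS = requested UDP payload size, TTL 0, RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_payload, 0, 0)
    return header + question + opt


def build_response(query, txt_records):
    """Synthesize what an open resolver sends back for that query: same txid,
    QR/RD/RA flags, question echoed, one TXT RR per string with the owner
    name compressed to a pointer at offset 12. Constructed, not a real zone."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:-11]  # strip the 12-byte header and the 11-byte OPT RR
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(txt_records), 0, 0)
    answers = b""
    for txt in txt_records:
        rdata = bytes([len(txt)]) + txt.encode()  # one <character-string> (<=255 bytes)
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    return header + question + answers


def amplification_factor(query, response):
    """Bytes the victim receives per byte the attacker had to send."""
    return len(response) / len(query)


class ResponseRateLimiter:
    """Sketch of BIND-style RRL. Identical responses (same client /24, same
    qname, same qtype) are counted per one-second window; past the limit the
    server stops answering, but every `slip`-th suppressed query still gets a
    tiny truncated (TC=1) reply so a genuine client retries over TCP, which a
    spoofer cannot complete. Keying on the response identity rather than on
    the client alone is what keeps the limiter from cutting off legitimate
    traffic the way an overly broad rate limit does. Parameters are illustrative."""

    def __init__(self, responses_per_second=5, slip=2):
        self.limit = responses_per_second
        self.slip = slip
        self.counts = defaultdict(int)      # (second, /24, qname, qtype) -> sent
        self.suppressed = defaultdict(int)  # (/24, qname, qtype) -> suppressed

    def decide(self, src_ip, qname, qtype, now):
        """Return 'respond', 'truncate' (short TC reply) or 'drop'."""
        net = str(ipaddress.ip_network(f"{src_ip}/24", strict=False))
        ident = (net, qname.lower(), qtype)
        key = (int(now),) + ident
        self.counts[key] += 1
        if self.counts[key] <= self.limit:
            return "respond"
        self.suppressed[ident] += 1
        if self.slip and self.suppressed[ident] % self.slip == 0:
            return "truncate"
        return "drop"


def simulate(limiter, queries):
    """queries: iterable of (time, src_ip, qname, qtype). Returns a dict
    src_ip -> {decision: count}, so the effect on each source is visible."""
    tally = defaultdict(lambda: defaultdict(int))
    for t, src, name, qtype in queries:
        tally[src][limiter.decide(src, name, qtype, t)] += 1
    return {src: dict(d) for src, d in tally.items()}


if __name__ == "__main__":
    q = build_query("example.com")
    r = build_response(q, ["x" * 200] * 10)  # constructed: ten 200-byte TXT strings
    print(f"query {len(q)} bytes -> response {len(r)} bytes, "
          f"amplification x{amplification_factor(q, r):.1f}")
    # Constructed traffic: 20 spoofed ANY queries "from" the victim in one second,
    # and two ordinary A lookups from an unrelated client in the same second.
    victim, client = "192.0.2.7", "198.51.100.9"
    traffic = [(0.01 * i, victim, "example.com", 255) for i in range(20)]
    traffic += [(0.3, client, "www.example.org", 1), (0.6, client, "www.example.org", 1)]
    print(simulate(ResponseRateLimiter(responses_per_second=5, slip=2), traffic))
```

Two things worth noticing when you run it: the query is 40 bytes and the synthesized reply over 2 KB, so the attacker gets roughly a fiftyfold return on each spoofed packet without ever receiving anything; and the limiter leaves the unrelated client's A lookups untouched while still letting a fraction of the flooded name's queries through as truncated replies, which is the knob an over-aggressive global rate limit lacks.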
🙂 I suppose saying IPv6 is just adding an extra octet was an oversimplification
Wow. I learned something today. (May I never need to use this information!)
+Paul Kelly IPv6 is a bit more than just that extra octet – it changes the security landscape of routing. I'm sure 'tweaking' DNS would be bigger, but at the same time not too unreasonable given the implications that reliable and always-online requirements on cloud computing have – and more and more critical systems being set into the cloud. Or everyone important builds their own custom DNS to insulate themselves, which would be rather counter-productive, as that's not the idea of a standard.
Looks like IPv6 is only going to make things worse for the time being …
http://www.networkworld.com/news/2011/082511-ipv6-attacks-250117.html
What a massive undertaking it would be to overhaul DNS! Just look at IPv6 – and all they did there was add an octet!
Interesting thought, though...