Rate limiting is currently fairly strict to prevent amplification. Using DNS cookies, it can be confirmed that a query is legitimate (or at least the attacker is on the network path) and this limit can be raised. We would still want to avoid abusive amounts of traffic, but at least amplification would not be the concern.
Rate limiting is currently fairly strict to prevent amplification. Using DNS cookies, it can be confirmed that a query is legitimate (or at least the attacker is on the network path) and this limit can be raised. We would still want to avoid abusive amounts of traffic, but at least amplification would not be the concern.