Why can’t we block a DNS amplification attack by blocking UDP packets or DNS response packets?
I mean, if the attacker tries to ask all the open DNS resolvers to respond to a web server, the web server can just block its UDP ports.
If all the DNS responses go to an authoritative nameserver (the victim), it can just drop all DNS responses.