The vulnerability affects not only infrastructures using general-purpose firewalls to filter DNS traffic but also those that use RRL, the technology that we found to be the most appropriate to deal with DNS DDoS amplification attacks. The presentation will go through a detailed description of the modus operandi of the attack and the underlying mathematical model. We will then expose our recommendations and how they address the discovered vulnerability. We will then describe the timeline that we followed to disclose our findings, including how actors have been contacted and what their feedbacks and concerns were regarding our proposed countermeasures. Several scenarios will be analyzed, including infrastructures using general-purpose firewall rate-limiting, so-called malformed packets filtering, RRL using a slip value different than 1, and some interesting setups that were brought to our attention by prominent DNS operators and designers. Finally, we will formulate some open questions regarding possible long term fixes.