[dns-operations] RIPE-52 preso on DNS issues, author comments on Slashdot. author comments on Slashdot. author comments on Slashdot.
Sam Norris
Sam at ChangeIP.com
Wed Apr 26 19:47:59 UTC 2006
Great, so a CoDoNS farm could be used to DDoS 'legacy' DNS servers because
most of our records are 30 seconds TTL? Someone generating a ton of queries
to the beehive could let it take care of querying us for the rest of its
life? That's bad.
Sam
----- Original Message -----
From: "Duane Wessels" <wessels at packet-pushers.com>
To: <dns-operations at lists.oarci.net>
Sent: 04/26/2006 12:40 PM
Subject: [Spam] [SpamSA] Re: [dns-operations] RIPE-52 preso on DNS issues,
author comments on Slashdot. author comments on Slashdot. author comments on
Slashdot.
>> So does anyone have any feelings/thoughts, etc about CoDoNS?
>
> Unfortunately I don't have anything of substance to say on its
> architecture. But I did notice something interesting about the
> CoDoNS server: It automatically refreshes expired cache entries.
>
> So say, for example, you have a lot of names in your zone with very
> short TTLs, and you manage to get those names into CoDoNS caches.
> You'll get repeated queries when the TTL expires, even if no users
> request them.
>
> In my case I'm sending probes to test for open resolvers. Each
> probe has a unique name (e.g. 21d76597bde465c1.test.$myzone)
> and a 60-second TTL. I'm seeing a lot of repeats from places
> that fpdns calls Beehive CoDoNS.
>
> Duane W.
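An added example, not part of the thread or code posted by either participant: one way an authoritative operator could pick the refresh pattern described above out of a query log, by flagging sources that re-ask for the same unique name at intervals close to its TTL. The log format, the zone `example.net` (standing in for `$myzone`), the tolerance values and the sample entries are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of an authoritative server's query log:
# "<epoch seconds> <source IP> <qname> <qtype>". Addresses are documentation ranges.
SAMPLE_LOG = """\
1000 192.0.2.10 21d76597bde465c1.test.example.net A
1061 192.0.2.10 21d76597bde465c1.test.example.net A
1121 192.0.2.10 21d76597bde465c1.test.example.net A
1182 192.0.2.10 21d76597bde465c1.test.example.net A
1000 198.51.100.7 8c1f02aa9e3b7d44.test.example.net A
1002 198.51.100.7 8c1f02aa9e3b7d44.test.example.net A
1005 203.0.113.5 5b7e9d0c13f2a866.test.example.net A
"""

def find_refreshers(log_text, ttl=60, tolerance=5, min_refreshes=2):
    """Return {source: {qname: refresh_count}} for sources that re-query the
    same name at intervals close to its TTL, with no new probe to trigger it."""
    seen = defaultdict(list)  # (source, qname) -> query timestamps
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        ts, src, qname, _qtype = fields
        try:
            seen[(src, qname.lower().rstrip("."))].append(float(ts))
        except ValueError:
            continue  # non-numeric timestamp
    result = defaultdict(dict)
    for (src, qname), stamps in seen.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Gaps far below the TTL are retransmits, not refreshes; ignore them.
        refreshes = sum(1 for g in gaps if abs(g - ttl) <= tolerance)
        if refreshes >= min_refreshes:
            result[src][qname] = refreshes
    return dict(result)

if __name__ == "__main__":
    for src, names in find_refreshers(SAMPLE_LOG).items():
        print(src, names)
```

Because each probe name is sent only once, any TTL-spaced repeat for it can only come from the cache refreshing on its own; for ordinary names the same gap test needs a higher `min_refreshes` to separate refreshes from real user demand.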