[dns-operations] Fwd: DNS deluge for x.p.ctrc.cc

Pierre Baume pierre at baume.org
Mon Feb 27 15:43:53 UTC 2006


  Oops, meant to CC the list.


---------- Forwarded message ----------
From: Pierre Baume <pierre at baume.org>
Date: Feb 27, 2006 4:42 PM
Subject: Re: [dns-operations] DNS deluge for x.p.ctrc.cc
To: Paul Vixie <paul at vix.com>

Hi Paul,

On 2/26/06, Paul Vixie <paul at vix.com> wrote:

> but what should a TLD or root name server operator do?  realizing that
> no amount of provisioning (capex, opex, hiring, links, nodes, servers,
> you name it) that will make a server immune to this trivial-to-launch
> my question remains: what's the greater (ir)responsibility, availability
> all or availability during attack?
> this isn't a no-brainer.  (i don't know what f-root should do, for

  How about giving degraded response (at all times and possibly even more
during attacks) to misconfigured name servers? You could have 2 (sets of)
servers/daemons, one dealing with well-behaved servers, one with the others,
or anything to the same effect.

  It's a bit liked internet check-in. You can still check-in at the airport,
but there are fewer and fewer desks, to encourage you into the right
behaviour. This seems to work. :-)

  I hope this helps.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20060227/725f17c5/attachment.html>

More information about the dns-operations mailing list