[dns-operations] Fwd: DNS deluge for x.p.ctrc.cc
Pierre Baume
pierre at baume.org
Mon Feb 27 15:43:53 UTC 2006
Paul,
Oops, meant to CC the list.
Pierre.
---------- Forwarded message ----------
From: Pierre Baume <pierre at baume.org>
Date: Feb 27, 2006 4:42 PM
Subject: Re: [dns-operations] DNS deluge for x.p.ctrc.cc
To: Paul Vixie <paul at vix.com>
Hi Paul,
On 2/26/06, Paul Vixie <paul at vix.com> wrote:
[...]
> but what should a TLD or root name server operator do? realizing that
there's
> no amount of provisioning (capex, opex, hiring, links, nodes, servers,
pipes,
> you name it) that will make a server immune to this trivial-to-launch
attack,
> my question remains: what's the greater (ir)responsibility, availability
to
> all or availability during attack?
>
> this isn't a no-brainer. (i don't know what f-root should do, for
example.)
[...]
How about giving degraded response (at all times and possibly even more
during attacks) to misconfigured name servers? You could have 2 (sets of)
servers/daemons, one dealing with well-behaved servers, one with the others,
or anything to the same effect.
It's a bit liked internet check-in. You can still check-in at the airport,
but there are fewer and fewer desks, to encourage you into the right
behaviour. This seems to work. :-)
I hope this helps.
Pierre.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20060227/725f17c5/attachment.html>
More information about the dns-operations
mailing list