[dns-operations] Fwd: DNS deluge for x.p.ctrc.cc
pierre at baume.org
Mon Feb 27 15:43:53 UTC 2006
Oops, meant to CC the list.
---------- Forwarded message ----------
From: Pierre Baume <pierre at baume.org>
Date: Feb 27, 2006 4:42 PM
Subject: Re: [dns-operations] DNS deluge for x.p.ctrc.cc
To: Paul Vixie <paul at vix.com>
On 2/26/06, Paul Vixie <paul at vix.com> wrote:
> but what should a TLD or root name server operator do? realizing that
> no amount of provisioning (capex, opex, hiring, links, nodes, servers,
> you name it) that will make a server immune to this trivial-to-launch
> my question remains: what's the greater (ir)responsibility, availability
> all or availability during attack?
> this isn't a no-brainer. (i don't know what f-root should do, for
How about giving degraded response (at all times and possibly even more
during attacks) to misconfigured name servers? You could have 2 (sets of)
servers/daemons, one dealing with well-behaved servers, one with the others,
or anything to the same effect.
It's a bit liked internet check-in. You can still check-in at the airport,
but there are fewer and fewer desks, to encourage you into the right
behaviour. This seems to work. :-)
I hope this helps.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations