[dns-operations] Fwd: DNS deluge for x.p.ctrc.cc

Pierre Baume pierre at baume.org
Mon Feb 27 15:43:53 UTC 2006


Paul,

  Oops, meant to CC the list.

Pierre.


---------- Forwarded message ----------
From: Pierre Baume <pierre at baume.org>
Date: Feb 27, 2006 4:42 PM
Subject: Re: [dns-operations] DNS deluge for x.p.ctrc.cc
To: Paul Vixie <paul at vix.com>

Hi Paul,

On 2/26/06, Paul Vixie <paul at vix.com> wrote:
[...]

> but what should a TLD or root name server operator do?  realizing that
there's
> no amount of provisioning (capex, opex, hiring, links, nodes, servers,
pipes,
> you name it) that will make a server immune to this trivial-to-launch
attack,
> my question remains: what's the greater (ir)responsibility, availability
to
> all or availability during attack?
>
> this isn't a no-brainer.  (i don't know what f-root should do, for
example.)
[...]

  How about giving degraded response (at all times and possibly even more
during attacks) to misconfigured name servers? You could have 2 (sets of)
servers/daemons, one dealing with well-behaved servers, one with the others,
or anything to the same effect.

  It's a bit liked internet check-in. You can still check-in at the airport,
but there are fewer and fewer desks, to encourage you into the right
behaviour. This seems to work. :-)

  I hope this helps.

Pierre.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20060227/725f17c5/attachment.html>


More information about the dns-operations mailing list