[dns-operations] NXDOMAIN for some types and not others (Was: Too Open (Was: OpenDNS makes your Internet work better
David Ulevitch
davidu at everydns.net
Wed Jul 12 12:08:06 UTC 2006
On Jul 12, 2006, at 4:58 AM, Florian Weimer wrote:
> * Stephane Bortzmeyer:
>
>> ~ % dig AAAA www.nic.rf
>>
>> ; <<>> DiG 9.2.4 <<>> AAAA www.nic.rf
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25198
>
> Good catch. This results in a DoS attack vector if you put another
> caching resolver between your clients and the OpenDNS servers. 8-/
Can you expand on this? It's not obvious to me who the DoS attack
victim would be in that scenario.
-david
More information about the dns-operations
mailing list