[dns-operations] DNS deluge for x.p.ctrc.cc
paul at vix.com
Fri Mar 3 05:24:01 UTC 2006
hi matt. i saw your subscription come in today. welcome!
# Even if we magically lock down all the open recursing nameservers,
# the baddies can still spoof queries to authoritative nameservers for
# domainkey TXT records, DHCID, SSHFP, or NAPTR records, or any of the
# multitude of horking huge blobs of random crap that make DNSSEC the
# horror that it is.
i strongly recommend reading the end-of-february archives of this list
to see how that issue has been treated so far. (gzip'd text 61KBytes)
# What will we do then? Not sure how we "lock down" the autoritative
# nameservers; their job is answering questions.
again, plz see the archives.
More information about the dns-operations