[dns-operations] DNS deluge for x.p.ctrc.cc

Paul Vixie paul at vix.com
Fri Mar 3 05:24:01 UTC 2006

hi matt.  i saw your subscription come in today.  welcome!

# Even if we magically lock down all the open recursing nameservers, 
# the baddies can still spoof queries to authoritative nameservers for 
# domainkey TXT records, DHCID, SSHFP, or NAPTR records, or any of the 
# multitude of horking huge blobs of random crap that make DNSSEC the 
# horror that it is.

i strongly recommend reading the end-of-february archives of this list
to see how that issue has been treated so far.  (gzip'd text 61KBytes)

# What will we do then? Not sure how we "lock down" the autoritative 
# nameservers; their job is answering questions.

again, plz see the archives.

More information about the dns-operations mailing list