[dns-operations] DNS deluge for x.p.ctrc.cc
Matt Ghali
matt at snark.net
Fri Mar 3 18:53:04 UTC 2006
On Fri, 3 Mar 2006, Paul Vixie wrote:
> hi matt. i saw your subscription come in today. welcome!
Thanks!
> # What will we do then? Not sure how we "lock down" the autoritative
> # nameservers; their job is answering questions.
>
> again, plz see the archives.
I did read through past traffic before jumping in- are you referring
to the various rate-limiting schemes that were mentioned? If so, I'm
pretty sure that rate-limiting, or even keeping the state required
to try, is probably a pretty bad idea.
As an aside, why is it that in this field, people keep getting the
bright idea that keeping state for a set of elements which is by
definition unbounded in size will magically fix a problem?
disclaimer: I do work for a company who sells a very
high-performance nameserver, so my opinions may be colored. :)
matto
--matt at snark.net------------------------------------------<darwin><
The only thing necessary for the triumph
of evil is for good men to do nothing. - Edmund Burke
More information about the dns-operations
mailing list