[dns-operations] DNS deluge for x.p.ctrc.cc

Matt Ghali matt at snark.net
Fri Mar 3 18:53:04 UTC 2006

On Fri, 3 Mar 2006, Paul Vixie wrote:

> hi matt.  i saw your subscription come in today.  welcome!


> # What will we do then? Not sure how we "lock down" the autoritative
> # nameservers; their job is answering questions.
> again, plz see the archives.

I did read through past traffic before jumping in- are you referring 
to the various rate-limiting schemes that were mentioned? If so, I'm 
pretty sure that rate-limiting, or even keeping the state required 
to try, is probably a pretty bad idea.

As an aside, why is it that in this field, people keep getting the 
bright idea that keeping state for a set of elements which is by 
definition unbounded in size will magically fix a problem?

disclaimer: I do work for a company who sells a very 
high-performance nameserver, so my opinions may be colored. :)


--matt at snark.net------------------------------------------<darwin><
               The only thing necessary for the triumph
               of evil is for good men to do nothing. - Edmund Burke

More information about the dns-operations mailing list