[dns-operations] DNS greylisting?

Florian Weimer fw at deneb.enyo.de
Tue Mar 7 22:01:17 UTC 2006

* Gadi Evron:

>> The idea is to use SYN cookies to whitelist "good" addresses,
>> without keeping too much state servers-side.  You can use CNAME RRs
>> to implement pure UDP-based cookies, by the way.  (Riverhead
>> applied for a patent on such techniques, IIRC.)
> Is SPF for DNS next?

To prevent things like the kimble.org fiasco?  I don't think the
community as a whole cares much about the right-hand side of DNS
records.  This applies to other RHS issues, too, like lame delegations
and bogus authoritative name servers for some TLDs.

More information about the dns-operations mailing list