[dns-operations] Everyone as root server ? Was: FreeBSD and the slaving of the root zone

Peter Dambier peter at peter-dambier.de
Tue Jul 31 19:59:46 UTC 2007


Roland Dobbins wrote:
> On Jul 31, 2007, at 11:40 AM, Peter Dambier wrote:
> 
> 
>>DoS attacks implementing address spoofing always use
>>UDP.
> 
> 
> To clarify, you're not making this assertion about packet-level  
> attacks, but transactional attacks, correct?
> 

I see. I attacked the wrong server :)

As long as there are no key records in the root this kind of attack
does not make sense on a rootserver.


Just an aside. Looks to me like splitting UDP and TCP servers might
be an idea. Either via firewall or like tinydns / axfrdns from the
djbdns package. Now AXFR would no longer impact the UDP nameservers.


Even if the TCP servers take much longer, the clients will wait.
The time does not matter because there is no user on the slave.
On the other hand the slave will answer much faster because
it is local to its clients.


Kind regards
Peter and Karin

-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.arl.pirates
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
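Peter's suggestion above (separate UDP and TCP front ends, the way tinydns and axfrdns split the work) as an added example that is not code from this post or from djbdns: a Python sketch with two independent listeners on loopback serving the same constructed zone, where a deliberately slow TCP zone transfer does not delay UDP answers because the UDP listener never touches the TCP socket. The zone contents, the per-record delay, and every function name are assumptions made for the demo.

```python
import socket
import struct
import threading
import time

# Constructed zone data for the demo (an assumption, not from the post).
ZONE = {
    "ns1.example.": "192.0.2.1",
    "www.example.": "192.0.2.10",
    "mail.example.": "192.0.2.25",
}


def encode_name(name):
    """Wire-format a dotted name (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg, off):
    """Read an uncompressed name at msg[off]; return (name, offset after it)."""
    labels = []
    while msg[off] != 0:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels) + ".", off + 1


def build_query(name, qtype=1, qid=0x1234):
    """Standard query: header with RD set, one question, class IN."""
    hdr = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return hdr + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(query):
    """Answer an IN A query from ZONE with AA set; NXDOMAIN for unknown names,
    empty NOERROR for other types. The same code path serves both transports."""
    qid = struct.unpack("!H", query[:2])[0]
    name, off = decode_name(query, 12)
    qtype = struct.unpack("!H", query[off:off + 2])[0]
    question = query[12:off + 4]
    if name not in ZONE:  # flags 0x8403: QR=1, AA=1, RCODE=3
        return struct.pack("!HHHHHH", qid, 0x8403, 1, 0, 0, 0) + question
    if qtype != 1:        # name exists but no A data: NOERROR, no answer
        return struct.pack("!HHHHHH", qid, 0x8400, 1, 0, 0, 0) + question
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ZONE[name])
    return struct.pack("!HHHHHH", qid, 0x8400, 1, 1, 0, 0) + question + rr


def serve_udp(sock, stop):
    """UDP front end (the tinydns role): datagram in, datagram out, never waits on a peer."""
    sock.settimeout(0.2)
    while not stop.is_set():
        try:
            data, peer = sock.recvfrom(512)
        except socket.timeout:
            continue
        sock.sendto(build_response(data), peer)


def serve_tcp(sock, stop, per_record_delay):
    """TCP front end (the axfrdns role): one connection at a time, streaming every
    zone record as a length-prefixed message. The sleep stands in for a big zone
    going to a slow secondary; a combined server would be stuck in this loop."""
    sock.settimeout(0.2)
    while not stop.is_set():
        try:
            conn, _ = sock.accept()
        except socket.timeout:
            continue
        with conn:
            for name in ZONE:
                time.sleep(per_record_delay)
                msg = build_response(build_query(name))
                conn.sendall(struct.pack("!H", len(msg)) + msg)


def recv_exact(conn, n):
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def split_demo(per_record_delay=0.3):
    """Start both listeners, open a transfer over TCP, then query over UDP while
    the transfer is still streaming. Returns timings and the UDP answer."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    udp.bind(("127.0.0.1", 0))
    tcp.bind(("127.0.0.1", 0))
    tcp.listen(4)
    stop = threading.Event()
    workers = [threading.Thread(target=serve_udp, args=(udp, stop), daemon=True),
               threading.Thread(target=serve_tcp, args=(tcp, stop, per_record_delay), daemon=True)]
    for w in workers:
        w.start()
    try:
        t0 = time.monotonic()
        xfr = socket.create_connection(tcp.getsockname())
        client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        client.settimeout(2)
        t1 = time.monotonic()
        client.sendto(build_query("www.example."), udp.getsockname())
        answer, _ = client.recvfrom(512)
        udp_rtt = time.monotonic() - t1
        records = 0
        while len(hdr := recv_exact(xfr, 2)) == 2:
            recv_exact(xfr, struct.unpack("!H", hdr)[0])
            records += 1
        tcp_total = time.monotonic() - t0
        client.close()
        xfr.close()
    finally:
        stop.set()
        for w in workers:
            w.join()
        udp.close()
        tcp.close()
    return {"udp_rtt": udp_rtt, "tcp_total": tcp_total,
            "transferred": records, "answer_ip": socket.inet_ntoa(answer[-4:])}


if __name__ == "__main__":
    print(split_demo())
```

Running it prints a UDP round trip of a few milliseconds next to a transfer that takes the better part of a second; had one single-threaded server handled both transports on one loop, the UDP query would have waited for the transfer to finish. A real AXFR packs many RRs into each message; one record per message here only keeps the two-byte TCP framing visible.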