[dns-operations] "NS .", the attack of the month?

Jeremy C. Reed reed at reedmedia.net
Sun Jan 25 00:48:31 UTC 2009


On Sun, 25 Jan 2009, Stefan Schmidt wrote:

> > extract " Then, a query such as ". IN NS" should result in a REFUSED
> > response."
> 
> Answering with REFUSED or SERVFAIL is still better than not answering at
> all which, if deployed in large scale, would most likely cause all
> recursive servers to cripple under the load of outstanding queries to
> authoritative servers.

What outstanding queries? Answer to who?

> I wonder which alternatives you are seeing to sending back an answer?

I have been manually adding hosts to a blackhole ACL.


