[dns-operations] "NS .", the attack of the month?
Jeremy C. Reed
reed at reedmedia.net
Sun Jan 25 00:48:31 UTC 2009
On Sun, 25 Jan 2009, Stefan Schmidt wrote:
> > extract " Then, a query such as ". IN NS" should result in a REFUSED
> > response."
> Answering with REFUSED or SERVFAIL is still better than not answering at
> all which, if deployed in large scale, would would most likely cause all
> recursive servers to cripple under the load of outstanding queries to
> authoritative servers.
What outstanding queries? Answer to who?
> I wonder which alternatives you are seeing to sending back an answer?
I have been manually adding hosts to a blackhole ACL.
More information about the dns-operations