[dns-operations] "NS .", the attack of the month?
Stefan Schmidt
stefan.schmidt at freenet.ag
Sun Jan 25 01:08:38 UTC 2009
On Sat, Jan 24, 2009 at 06:48:31PM -0600, Jeremy C. Reed wrote:
> > Answering with REFUSED or SERVFAIL is still better than not answering at
> > all which, if deployed in large scale, would would most likely cause all
> > recursive servers to cripple under the load of outstanding queries to
> > authoritative servers.
>
> What outstanding queries? Answer to who?
Hmm bad thinking on my side, authoritatives should not be getting too
much queries for zones they are not configured/delegated for.
To answer your question that would be lame delegated auth servers then.
Yes, i use the term lame delegation to depict any delegation that is not
'perfect'.
Anyway as i myself was reminded of this by a friend let me remind you of
the following:
http://doc.powerdns.com/powerdns-advisory-2008-02.html
I don't really remember the kind of spoofing it was back then but apparently
not answering still has bad implications.
Stefan
--
The war ain't over til I say it's over. This is my picture.
- Wag the Dog
More information about the dns-operations
mailing list