[dns-operations] Getting rid of ISP's recursive DNS servers? (Was: Eircom "DNS Attacks" ?
Florian Weimer
fw at deneb.enyo.de
Sun Jul 19 07:18:29 UTC 2009
* Stephane Bortzmeyer:
> I wonder what do the root name server operators think about his
> suggestion?
Uhm, what have the roots got to do with it?
Anyway, there's a way to reduce the impact of cache poisoning even for
large shared resolvers:
<http://www.ops.ietf.org/lists/namedroppers/namedroppers.2008/msg01563.html>
And a bit more elaborate explanation:
<http://www.ops.ietf.org/lists/namedroppers/namedroppers.2009/msg00469.html>
The downside is that it doubles the number of upstream queries (or
worse).
More information about the dns-operations
mailing list