[dns-operations] we may finally have a dnssec use case ; -) Re: Odd behaviour of DNS queries in PRC (facebook, youtube & twitter)
George Barwood
george.barwood at blueyonder.co.uk
Mon Mar 29 14:25:26 UTC 2010
----- Original Message -----
From: "Dobbins, Roland" <rdobbins at arbor.net>
To: <dns-operations at lists.dns-oarc.net>
Sent: Monday, March 29, 2010 2:57 PM
Subject: Re: [dns-operations] we may finally have a dnssec use case ; -) Re: Odd behaviour of DNS queries in PRC (facebook, youtube & twitter)
> No, it doesn't, and no, it isn't, at least not directly; the *second-order effect* is of a DoS nature, but this is an instance in which integrity would end up ensuring availability.
It might, or it might not. A validating stub resolver using a non-validating cache will still experience denial of service.
Also, it seems there is some doubt about whether root-servers.net will be signed ( and presumably
other similar zones ). If not, denial of service attacks of this nature can still succeed.
More information about the dns-operations
mailing list