[dns-operations] Natting DNS farm behind LB - using priv ip space.

Patrik Fältström patrik at frobbit.se
Fri Jun 17 17:36:55 UTC 2011


On 17 jun 2011, at 19.34, Florian Weimer wrote:

> * Roland Dobbins:
> 
>> NATting DNS servers (or any other type of server) is a Very Bad Idea -
>> the NAT is a stateful DDoS chokepoint.
> 
> I'm pretty sure address translation is part of many traffic scrubbing
> devices and services, so you're grossly oversimplifying. 8-)

Stateful inspection of flows in front of a DNS server of any kind is A Bad Idea.

   Patrik




More information about the dns-operations mailing list