[dns-operations] Natting DNS farm behind LB - using priv ip space.
Patrik Fältström
patrik at frobbit.se
Fri Jun 17 17:36:55 UTC 2011
On 17 jun 2011, at 19.34, Florian Weimer wrote:
> * Roland Dobbins:
>
>> NATting DNS servers (or any other type of server) is a Very Bad Idea -
>> the NAT is a stateful DDoS chokepoint.
>
> I'm pretty sure address translation is part of many traffic scrubbing
> devices and services, so you're grossly oversimplifying. 8-)
Stateful inspection of flows in front of a DNS server of any kind is A Bad Idea.
Patrik