[dns-operations] Another whitepaper on DDOS
Tony Finch
dot at dotat.at
Wed Feb 27 10:06:59 UTC 2013
Mike Jones <mike at mikejones.in> wrote:
>
> What if you add your server to the delegation, and either leave one of
> their servers in the list or clone their zone and host that on a
> separate server? Resolvers with the old keys cached will only take
> answers from the old servers. Resolvers that have refreshed and got
> the new keys will only take answers from the new servers.
Interesting thought. This will work for validating recursive servers that
are able to iteratively try authority servers until they find one that
works. Validators that can't do that (stub resolvers, resolvers in walled
gardens) are likely to have problems.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
More information about the dns-operations
mailing list