[dns-operations] responding to spoofed ANY queries

Vernon Schryver vjs at rhyolite.com
Thu Jan 17 04:39:43 UTC 2013

> From: "Frank Bulk" <frnkblk at iname.com>

> Perhaps the ratio could be a dynamic whitelist -- if it's 1.5 or less, then
> allow the response to go out.

What would be gained by spending the code complexity and CPU cycles
such a mechanism would require?  What bad things would be avoided
or good things achieved?

(Please do not mention false positives, because that notion of false
positive is irrelevant and does not happen with RRL.)

Vernon Schryver    vjs at rhyolite.com

More information about the dns-operations mailing list