[dns-operations] responding to spoofed ANY queries
logrouterlog at gmail.com
Thu Jan 17 08:47:18 UTC 2013
I would be in favour of either a compiler directive or configuration option
to disable support for ANY queries.
I'd save the time used in editing the code myself
On Thu, Jan 17, 2013 at 5:39 AM, Vernon Schryver <vjs at rhyolite.com> wrote:
> > From: "Frank Bulk" <frnkblk at iname.com>
> > Perhaps the ratio could be a dynamic whitelist -- if it's 1.5 or less,
> > allow the response to go out.
> What would be gained by spending the code complexity and CPU cycles
> such a mechanism would require? What bad things would be avoided
> or good things achieved?
> (Please do not mention false positives, because that notion of false
> positive is irrelevant and does not happen with RRL.)
> Vernon Schryver vjs at rhyolite.com
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> dns-jobs mailing list
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations