[dns-operations] chrome's 10 character QNAMEs to detect NXDOMAIN rewriting
dougb at dougbarton.us
Tue Nov 26 21:22:51 UTC 2013
On 11/26/2013 01:06 PM, Andrew Sullivan wrote:
> On Tue, Nov 26, 2013 at 08:58:18PM +0000, Jim Reid wrote:
>> +1. However the lookups I was talking about are not going to name servers that google owns or have agreed to receive that traffic.
> I'm not sure it's entirely true that, if you've decided to operate a
> root name server, you haven't agreed to receive the traffic. It seems
> to me under those circumstances you're effectively agreeing to receive
> more or less any traffic.
Further, every time strategies to mitigate that traffic like having
resolvers slave the root zone are discussed, a non-trivial subset of the
root operators pipe up and say that since upwards of 90% of the traffic
is junk anyway, a bit more doesn't hurt anything.
> That doesn't mean it's ok for people to spew garbage, please note.
More information about the dns-operations