[dns-operations] DNS Attack over UDP fragmentation

Edward Lewis ed.lewis at neustar.biz
Fri Sep 6 14:30:41 UTC 2013


On Sep 6, 2013, at 9:29, Daniel Kalchev wrote:
> Might now be the appropriate time to think about how to depend less on caching?

You mean, make DNS a strict client-server system?
Imagine a world in which *every* *single* conversion of a hostname to an address involved packets flowing through the root servers.

> Or cache only after validation?


I shudder to think there's an alternative.  If you are going to cache anyway, don't waste your time validating.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis             
NeuStar                    You can leave a voice message at +1-571-434-5468

There are no answers - just tradeoffs, decisions, and responses.
