[dns-operations] DNS Attack over UDP fragmentation
ed.lewis at neustar.biz
Fri Sep 6 14:30:41 UTC 2013
On Sep 6, 2013, at 9:29, Daniel Kalchev wrote:
> Might be the appropriate time to think how to depend less on caching is now?
You mean, make DNS a strict client-server system?
Imagine a world in which *every* *single* conversion of a hostname to an address involved packets flowing through the root servers.
> Or cache only after validation?
I shudder to think there's an alternative. If you are going to cache anyway, don't waste your time validating.
NeuStar You can leave a voice message at +1-571-434-5468
There are no answers - just tradeoffs, decisions, and responses.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations