[dns-operations] DNS Attack over UDP fragmentation
Edward Lewis
ed.lewis at neustar.biz
Fri Sep 6 14:30:41 UTC 2013
On Sep 6, 2013, at 9:29, Daniel Kalchev wrote:
> Might be the appropriate time to think how to depend less on caching is now?
You mean, make DNS a strict client-server system?
Imagine a world in which *every* *single* conversion of a hostname to an address involved packets flowing through the root servers.
> Or cache only after validation?
I shudder to think there's an alternative. If you are going to cache anyway, don't waste your time validating.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
There are no answers - just tradeoffs, decisions, and responses.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130906/336880ce/attachment.html>
More information about the dns-operations
mailing list