[dns-operations] [dDoS] Good discussion on the Rackspace attack and DNS resiliency
askuma at microsoft.com
Fri Dec 26 17:03:51 UTC 2014
+1 for Paul Vixie.
Not a big fan of sending stale answers.
From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On Behalf Of Paul Vixie
Sent: Friday, December 26, 2014 04:02
To: Colm MacCárthaigh
Subject: Re: [dns-operations] [dDoS] Good discussion on the Rackspace attack and DNS resiliency
> * Colm MacCárthaigh:
>> > There's a good question embedded in that discussion: when a
>> > resolver fails to get an answer from all of the authoritative
>> > nameservers for a domain, why not use the last known answer, even if it's stale.
that's what opendns does.
>> > Yes, that clearly violates the TTL of the rrset, but wouldn't it be
>> > overall better for the health of the internet?
no. sometimes the old value is dangerous (private; load; loss) to the person who changed it.