[dns-operations] rate-limiting state(Internet mail)

Paul Vixie paul at redbarn.org
Fri Feb 7 17:16:09 UTC 2014



samwu(吴洪声) wrote:
> in DNSPod, we responded to the user with a random cname like afda7896.dnspod.com
> to prevent DNS query flood and avoid TCP issue.

this approach changes the meaning of the dns result, such that the qname
is now an alias. some cname-aware protocols like smtp and http will
behave differently when you insert a cname chain like this. that's a
cost i consider to be too high, even for ddos mitigation.

vixie