[dns-operations] rate-limiting state(Internet mail)
paul at redbarn.org
Fri Feb 7 17:16:09 UTC 2014
> in DNSPod, we responded user a random cname like afda7896.dnspod.com
> to prevent DNS query flood and avoid TCP issue.
this approach changes the meaning of the dns result, such that the qname
is now an alias. some cname-aware protocols like smtp and http will
behave differently when you insert a cname chain like this. that's a
cost i consider to be too high, even for ddos mitigation.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations