[dns-operations] Storm on the DNS
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Dec 16 10:26:47 UTC 2015
On Wed, Dec 16, 2015 at 01:41:18PM +0800,
Yonghua Peng <pyh at cloud-china.org> wrote
a message of 148 lines which said:
> If so for us the auth-nameservers, can setup firewall to permit only
> the servers from this list to access in.
NO! It would be an awful violation of network neutrality. We have to
serve everyone.
Also, before I see test results, I'm skeptical: it is probably faster
for the server to just reply than to try to find out if it must reply
(many anti-dDoS ideas have this defect: they increase the load on the
victim). Remember the list will be huge!
(And I also agree with the other comments: maintaining such a list
would be a nightmare.)
More information about the dns-operations
mailing list