[dns-operations] Storm on the DNS

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Dec 16 10:26:47 UTC 2015

On Wed, Dec 16, 2015 at 01:41:18PM +0800,
 Yonghua Peng <pyh at cloud-china.org> wrote 
 a message of 148 lines which said:

> If so for us the auth-nameservers, can setup firewall to permit only
> the servers from this list to access in.

NO! It would be an awful violation of network neutrality. We have to
serve everyone.

Also, before I see test results, I'm skeptical: it is probably faster
for the server to just reply than to try to find out if it must reply
(many anti-dDoS ideas have this defect: they increase the load on the
victim). Remember the list will be huge!

(And I also agree with the other comments: maintaining such a list
would be a nightmare.)

More information about the dns-operations mailing list