[dns-operations] Root-servers returning TC=1 after 5 NXDOMAINS
Tony Finch
dot at dotat.at
Wed Feb 11 16:23:46 UTC 2015
Paul Hoffman <paul.hoffman at vpnc.org> wrote:
>
> It sounds like a bad configuration for RRL at f-root, given the replies
> below that they are unique queries (which would make sense from a
> caching resolver).
I don't think it is that bad. If you fail to ratelimit because all the
queries are different then attackers have a trivial bypass.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Southeast Bailey: Southerly veering northerly 6 to gale 8, then easterly 4 or
5, increasing 6 or 7 later. Very rough becoming rough. Rain. Moderate or poor.
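
An added illustration of the point made in this message, not code from the post or from any name server: a simplified one-second model of response accounting, comparing a bucket keyed on the query name with one that groups NXDOMAIN responses by zone and client /24. The limit of 5, the slip of 2, the function names and the sample queries are assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

LIMIT = 5   # assumed: NXDOMAIN responses allowed per client block per second
SLIP = 2    # assumed: every 2nd over-limit response is sent truncated (TC=1)

def client_block(ip, prefix=24):
    """Account per client netblock, since spoofed sources vary within a block."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def key_by_qname(ip, qname, zone, rcode):
    # Naive bucket: only identical responses share a counter, so every new
    # name starts a fresh bucket and the limit is never reached.
    return (client_block(ip), qname.lower(), rcode)

def key_by_zone(ip, qname, zone, rcode):
    # RRL-style bucket: negative answers are grouped under the zone that
    # produced them, whatever name was asked for.
    if rcode == "NXDOMAIN":
        return (client_block(ip), zone, rcode)
    return (client_block(ip), qname.lower(), rcode)

def simulate(queries, key_fn, limit=LIMIT, slip=SLIP):
    """Return the action taken for each query arriving within one second."""
    seen = defaultdict(int)   # responses counted per bucket
    over = defaultdict(int)   # responses past the limit per bucket
    actions = []
    for ip, qname, zone, rcode in queries:
        k = key_fn(ip, qname, zone, rcode)
        seen[k] += 1
        if seen[k] <= limit:
            actions.append("answer")
            continue
        over[k] += 1
        # Slip: a legitimate resolver that gets TC=1 can retry over TCP.
        actions.append("tc" if slip and over[k] % slip == 0 else "drop")
    return actions

# Constructed sample: 12 distinct nonexistent names from one /24 in one second.
SAMPLE = [(f"192.0.2.{i + 1}", f"name{i}.invalid.", ".", "NXDOMAIN")
          for i in range(12)]

if __name__ == "__main__":
    print("qname-keyed:", simulate(SAMPLE, key_by_qname))
    print("zone-keyed: ", simulate(SAMPLE, key_by_zone))
```
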