[dns-operations] EDNS and TLDs

[Matthew Pounsett]

On 17 November 2016 at 04:26, Albert Braden <abraden at about.com> wrote:

> When my employer hosted house.com, we stopped the barrage of updates by
> setting the SOA to 127.0.0.1. YMMV
>

There is a large-ish TLD which has "." as the MNAME in its infrastructure
zones (not the TLD itself).  Since are no address records for that label it
is a quick and painless way to completely prevent UPDATE messages form ever
being sent in the first place.




>
> -----Original Message-----
> From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On
> Behalf Of Florian Weimer
> Sent: Wednesday, November 16, 2016 8:01 AM
> To: Phil Regnauld <regnauld at nsrc.org>; Mark Andrews <marka at isc.org>
> Cc: dns-operations at dns-oarc.net
> Subject: Re: [dns-operations] EDNS and TLDs
>
> On 10/29/2016 11:06 AM, Phil Regnauld wrote:
> > Mark Andrews (marka) writes:
> >>
> >> Thanks.  Firewall are the biggest problems at the moment.
> >
> >       Firewalls in front of DNS servers still puzzle me.
>
> If you want to run BIND, a packet filter in front of it currently is the
> only way to switch off processing of DNS UPDATE messages in BIND, so I
> can see why people do this.
>
> Florian
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20161117/03578cb7/attachment.html>