[dns-operations] looking for suggestion: ML for DNS anti-dos
gtaylor at tnetconsulting.net
Thu Apr 2 21:17:51 UTC 2020
On 4/2/20 1:01 PM, John R Levine wrote:
> I would triply emphasize that. Data from the root servers show that
> the vast majority of queries they get are garbage: technically
> ill-formed or for names that have never existed and likely never
This is another reason that I really like a local copy of the root DNS zone.
That copy has historically been a secondary copy. But I'm trying to
learn more about BIND's newer "mirror" zone option, which I think DNSSEC
validates the the transferred copy.
LocalRoot using TSIG keys seems related and is on my reading list.
I would like to get to a point where many DNS servers could safely have
a local copy of the root DNS zone.
See the pertinent RFCs for what "safely" means in this case.
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
More information about the dns-operations