[dns-operations] solutions for DDoS mitigation of DNS
tessa at plum.ovh
Fri Apr 3 01:18:46 UTC 2020
Fred Morris wrote:
> There is this thing called a "search list". Love 'em or hate 'em (kind
> of like DNAMEs!).
> Suppose your (ab)user is in a coffee shop (wearing appropriate hazmat
> gear of course). They load their web browser. It's visited
> secret-project.university-example.edu previously. Being extremely
> helpful, the browser tries to prefetch the address for
> secret-project.university-example.edu. When that doesn't work, it then
> tries secret-project.university-example.edu.coffeeshop-example.com. And
> so on, and so forth. (*cough* .cisco *cough* .belkin... no it's not
> COVID, I seem to have some DNS caught in my throat...)
Not only for those private domain names, but zone data also includes the
administrative structure of corp/group.
For example, Colleges and Departmnts, administration offices and their
sub-domains and MX records were defined in this zone file.
More information about the dns-operations