[dns-operations] solutions for DDoS mitigation of DNS

Tessa Plum tessa at plum.ovh
Fri Apr 3 01:18:46 UTC 2020

Fred Morris wrote:
> There is this thing called a "search list". Love 'em or hate 'em (kind 
> of like DNAMEs!).
> Suppose your (ab)user is in a coffee shop (wearing appropriate hazmat 
> gear of course). They load their web browser. It's visited 
> secret-project.university-example.edu previously. Being extremely 
> helpful, the browser tries to prefetch the address for 
> secret-project.university-example.edu. When that doesn't work, it then 
> tries secret-project.university-example.edu.coffeeshop-example.com. And 
> so on, and so forth. (*cough* .cisco *cough* .belkin... no it's not 
> COVID, I seem to have some DNS caught in my throat...)


Not only for those private domain names, but zone data also includes the 
administrative structure of corp/group.

For example, Colleges and Departmnts, administration offices and their 
sub-domains and MX records were defined in this zone file.


More information about the dns-operations mailing list