[dns-operations] Signing on the fly and UltraDNS

Paul Vixie paul at redbarn.org
Tue Jan 5 08:00:25 UTC 2021


On Mon, Jan 04, 2021 at 10:44:43PM -0500, Viktor Dukhovni wrote:
> On Tue, Jan 05, 2021 at 02:39:27AM +0000, Paul Hoffman wrote:
> 
> > ...
> 
> These are certainly *interesting* choices, but the result is a valid
> denial of existence, which for some reason chooses to optimise to defend
> against zone walking (of a zone whose content is entirely predictable,
> and likely a matter of public record, ...), rather than improved
> negative caching.  ...

in case this configuration is inconvenient for anybody, i've put a dump of
records matching *.house.gov seen within the last seven (7) days online here:

http://family.redbarn.org/~vixie/house.gov.txt

i did not deduplicate, because the tick rate of the SOA serial is interesting.

(moral of story: zone transfer is not the risk surface anybody thought it was.)

-- 
Paul Vixie


