DNS Amplification attack?
- Subject: DNS Amplification attack?
- From: fweimer at bfk.de (Florian Weimer)
- Date: Thu, 22 Jan 2009 15:46:25 +0100
- In-reply-to: <[email protected]> (Mark Andrews's message of "Thu, 22 Jan 2009 09:49:26 +1100")
- References: <[email protected]>
* Mark Andrews:
> Authoritative servers need a cache. Authoritative servers
> need to ask queries. The DNS protocol has evolved since
> RFC 1034 and RFC 1035 and authoritative servers need to
> translate names to addresses for their own use.
>
> See RFC 1996, A Mechanism for Prompt Notification of Zone
> Changes (DNS NOTIFY).
Authoritative servers in typical configurations need a resolver (and
with views, you might even need a very specific resolver). This does
not mean that authoritative servers must be caches. It also does not
mean that a resolver operated from the view which contains a
particular authoritatively served zone picks up the correct data (in
other words, there are configurations where the current BIND magic
does not work).
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99