Re: DNS Amplification attack?
From: Florian Weimer <fweimer () bfk de>
Date: Thu, 22 Jan 2009 15:46:25 +0100

* Mark Andrews:

> Authoritative servers need a cache. Authoritative servers
> need to ask queries. The DNS protocol has evolved since
> RFC 1034 and RFC 1035 and authoritative servers need to
> translate names to addresses for their own use.
>
> See RFC 1996, A Mechanism for Prompt Notification of Zone
> Changes (DNS NOTIFY).

Authoritative servers in typical configurations need a resolver (and
with views, you might even need a very specific resolver). This does
not mean that authoritative servers must be caches. It also does not
mean that a resolver operated from the view which contains a
particular authoritatively served zone picks up the correct data (in
other words, there are configurations where the current BIND magic
does not work).
Florian Weimer <fweimer () bfk de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99