nanog mailing list archives

Re: DNS Amplification attack?
From: Florian Weimer <fweimer () bfk de>
Date: Thu, 22 Jan 2009 15:46:25 +0100

* Mark Andrews:

      Authoritative servers need a cache.  Authoritative servers
      need to ask queries.  The DNS protocol has evolved since
      RFC 1034 and RFC 1035 and authoritative servers need to
      translate names to addresses for their own use.

      See RFC 1996, A Mechanism for Prompt Notification of Zone
      Changes (DNS NOTIFY).

Authoritative servers in typical configurations need a resolver (and
with views, you might even need a very specific resolver).  This does
not mean that authoritative servers must be caches.  It also does not
mean that a resolver operated from the view which contains a
particular authoritatively served zone picks up the correct data (in
other words, there are configurations where the current BIND magic
does not work).

Florian Weimer                <fweimer () bfk de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
