nanog mailing list archives
Re: Sitefinder and DDoS
From: Owen DeLong <owen () delong com>
Date: Fri, 10 Oct 2003 08:54:21 -0700
But, that requirement simply says that if at x time you query *.something and otherwise-unmatched.something, you get the same result. It doesn't say that if you query at *.something at x time and otherwise-unmatched at x+5 time, you will get the same result. DNS servers can return differentanswers over time, and, expecting them not to change rapidly is an assumption
not inherent in the protocol, much like the assumption that *.net and *.com would not get arbitrarily defined by the registry. While I would agree these are reasonable assumptions, I think we need to make some effort to get these assumptions codified into the protocol before someone else breaks them again. Owen--On Friday, October 10, 2003 9:41 AM +0200 Bruce Campbell <bc-nanog () vicious dropbear id au> wrote:
On Thu, 9 Oct 2003, Kee Hinckley wrote:At 10:41 PM +0300 10/9/03, Petri Helenius wrote: > With $100M annual revenue at stake, I would be willing to provide > distributed solutions > to this problem if you send me a reasonable fraction of that money. But can you do it without breaking the assumption that any lookup on *.TLD will always return the same value as badxxxdomain.TLD?Well, the problem space is that a wildcard is involved. Since 1034 indicates that the answer for '*.something' is the same as 'otherwise-unmatched.something', I think this assumption is fairly safe. The assumption is not safe if the authoritative nameservers for the underlying zone are not performing according to the DNS specs; ie, they have synthesised answers that are not from a wildcard (which can be queried). --==-- Bruce.
Current thread:
- Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS bmanning (Oct 09)
- Message not available
- Re: Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)
- Message not available
- Re: Sitefinder and DDoS bmanning (Oct 09)
- <Possible follow-ups>
- Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)
- Re: Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS Kee Hinckley (Oct 09)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)
- Re: Sitefinder and DDoS Bruce Campbell (Oct 10)
- Re: Sitefinder and DDoS Owen DeLong (Oct 10)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)