nanog mailing list archives
Re: maybe a dumb idea on how to fix the dns problems i don't know....
From: Rob Payne <rnspayne () the-paynes com>
Date: Sun, 10 Aug 2008 17:05:04 -0400
On Sun, Aug 10, 2008 at 01:06:06PM -0700, Chris Paul wrote:
brett watson wrote:Hey authority DNS server operators. Can you make a change to your servers to always allow TCP client connections? Would this be difficult? What would be the harm?
SYN flooding?
from your clients? We ways of knowing people on our local network are doing this type of thing and turn them off at the switch today. Why are you are doing dns recursion for people outside your network?
The question isn't whether to offer TCP/53 up at the recursive server. The issue is that for you to use TCP/53 from your recursive server, it has to be offered up at the authoritative end. The authoritative server operators have to offer TCP/53 and the firewall administrators between the recursive server and the authoritative servers have to allow the traffic. -rob
Current thread:
- Re: maybe a dumb idea on how to fix the dns problems i don't know...., (continued)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Randy Bush (Aug 09)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Michael Thomas (Aug 09)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Chris Paul (Aug 09)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... brett watson (Aug 09)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Paul Vixie (Aug 09)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Joe Abley (Aug 10)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Paul Vixie (Aug 10)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Joe Abley (Aug 10)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Paul Vixie (Aug 10)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Chris Paul (Aug 10)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Rob Payne (Aug 10)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Chris Paul (Aug 10)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Chris Paul (Aug 10)
- Message not available
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Chris Paul (Aug 10)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... list-nanog (Aug 10)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Chris Paul (Aug 10)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Joe Greco (Aug 10)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Chris Paul (Aug 10)
- Re: maybe a dumb idea on how to fix the dns problems i don't know.... Victor Jerlin (Aug 10)