[110916] in North American Network Operators' Group


Re: DNS Amplification attack?

daemon@ATHENA.MIT.EDU (Florian Weimer)
Thu Jan 22 09:45:34 2009

To: Mark Andrews <Mark_Andrews@isc.org>
From: Florian Weimer <fweimer@bfk.de>
Date: Thu, 22 Jan 2009 15:46:25 +0100
In-Reply-To: <200901212249.n0LMnQjm008696@drugs.dv.isc.org> (Mark Andrews's
	message of "Thu, 22 Jan 2009 09:49:26 +1100")
Cc: Crist Clark <Crist.Clark@globalstar.com>, nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

* Mark Andrews:

> 	Authoritative servers need a cache.  Authoritative servers
> 	need to ask queries.  The DNS protocol has evolved since
> 	RFC 1034 and RFC 1035 and authoritative servers need to
> 	translate names to addresses for their own use.
>
> 	See RFC 1996, A Mechanism for Prompt Notification of Zone
> 	Changes (DNS NOTIFY).

Authoritative servers in typical configurations need a resolver (and
with views, you might even need a very specific resolver).  This does
not mean that authoritative servers must be caches.  It also does not
mean that a resolver operated from the view which contains a
particular authoritatively served zone picks up the correct data (in
other words, there are configurations where the current BIND magic
does not work).

-- 
Florian Weimer                <fweimer@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
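As an added illustration (not from either poster, and not BIND's documentation), here is a BIND 9 named.conf sketch of the split the thread is arguing about: the server stays authoritative for its zone in a public view with recursion switched off, and offers recursion only in an internal view whose clients are known. Zone names, addresses and file paths are placeholders; the internal view's own lookups still come from that view's data, which is the caveat Florian raises about views.

```conf
// Added example, not from the thread. All names, addresses and paths are placeholders.
acl internal { 10.0.0.0/8; 127.0.0.1; };

options {
    directory "/var/named";          // placeholder path
};

// Internal view: the resolver that the authoritative server and local
// clients actually use. Recursion is allowed only to the internal ACL.
view "internal" {
    match-clients { internal; };
    recursion yes;
    allow-recursion { internal; };
    zone "example.com" {
        type master;
        file "example.com.internal";
    };
};

// Public view: authoritative only. Nothing here serves as a cache for
// third parties, so a spoofed query for a name this server does not
// hold gets a small REFUSED rather than a large cached answer.
//
// The weak variant to avoid on an Internet-facing view would be:
//     recursion yes;
//     allow-recursion { any; };
view "external" {
    match-clients { any; };
    recursion no;
    allow-query { any; };
    zone "example.com" {
        type master;
        file "example.com.external";
        also-notify { 192.0.2.2; };  // placeholder secondary address
    };
};
```

A quick defender's check is to query the public address for a name outside the served zones and confirm the reply is REFUSED with the RA flag clear.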
