[116525] in North American Network Operators' Group

Re: DNS hardening, was Re: Dan Kaminsky

daemon@ATHENA.MIT.EDU (Paul Jakma)
Thu Aug 6 05:06:23 2009

Date: Thu, 6 Aug 2009 10:04:32 +0100 (BST)
From: Paul Jakma <paul@jakma.org>
To: Florian Weimer <fweimer@bfk.de>
In-Reply-To: <82eirp8l09.fsf@mid.bfk.de>
Mail-Copies-To: paul@jakma.org
Mail-Followup-To: paul@jakma.org
Cc: Paul Vixie <vixie@isc.org>, nanog@merit.edu
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Thu, 6 Aug 2009, Florian Weimer wrote:

> This doesn't seem possible with current SCTP because the heartbeat 
> rate quickly adds up and overloads servers further upstream.  It 
> also does not work on UNIX-like systems where processes are 
> short-lived and get a fresh stub resolver each time they are 
> restarted.

Stubs on Unix systems can have long-lived processes that handle the 
actual lookups; the stub component in the process that calls into the 
resolver then accesses it via IPC, i.e. the NSCD-style approach.

regards,
-- 
Paul Jakma	paul@jakma.org	Key ID: 64A2FF6A
Fortune:
As Zeus said to Narcissus, "Watch yourself."

