[63779] in North American Network Operators' Group
Re: Sitefinder and DDoS
daemon@ATHENA.MIT.EDU (Bruce Campbell)
Fri Oct 10 03:42:39 2003
Date: Fri, 10 Oct 2003 09:41:53 +0200 (CEST)
From: Bruce Campbell <bc-nanog@vicious.dropbear.id.au>
To: nanog@merit.org
In-Reply-To: <p06100365bbab754a6077@[192.168.1.104]>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 9 Oct 2003, Kee Hinckley wrote:
> At 10:41 PM +0300 10/9/03, Petri Helenius wrote:
> >With $100M annual revenue at stake, I would be willing to provide
> >distributed solutions
> >to this problem if you send me a reasonable fraction of that money.
>
> But can you do it without breaking the assumption that any lookup on
> *.TLD will always return the same value as badxxxdomain.TLD?
Well, the problem space is that a wildcard is involved. Since 1034
indicates that the answer for '*.something' is the same as
'otherwise-unmatched.something', I think this assumption is fairly safe.
The assumption is not safe if the authoritative nameservers for the
underlying zone are not performing according to the DNS specs; i.e., they
have synthesised answers that are not from a wildcard (which can be
queried).
--==--
Bruce.
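
The check discussed above, as an added example that is not part of the original message: a toy authoritative lookup with RFC 1034 wildcard matching, compared against a server that synthesises answers with no wildcard record behind them. The zone data, addresses and all function names are constructed for illustration.

```python
import secrets

# Constructed zone data (documentation address ranges, reserved .test TLD).
ZONE_WITH_WILDCARD = {"*.test": ["192.0.2.1"], "registered.test": ["198.51.100.7"]}
ZONE_NO_WILDCARD = {"registered.test": ["198.51.100.7"]}

def existing_names(zone):
    """Every owner name in the zone plus its ancestors (empty non-terminals)."""
    names = set()
    for owner in zone:
        labels = owner.split(".")
        names.update(".".join(labels[i:]) for i in range(len(labels)))
    return names

def lookup(zone, qname):
    """Toy authoritative A lookup following the RFC 1034 wildcard rules."""
    qname = qname.lower().rstrip(".")
    exists = existing_names(zone)
    if qname in exists:                 # exact match, including a literal '*' label
        return zone.get(qname, [])
    labels = qname.split(".")
    for i in range(1, len(labels)):     # find the closest existing ancestor
        encloser = ".".join(labels[i:])
        if encloser in exists:
            return zone.get("*." + encloser, [])
    return []                           # name is outside the zone

def synthesizing_lookup(zone, qname):
    """Hypothetical non-conforming server: fabricates an answer for unmatched
    names although the zone holds no '*' record that could be queried."""
    answer = lookup(zone, qname)
    if answer or qname.startswith("*."):
        return answer
    return ["203.0.113.99"]

def wildcard_predicts_unmatched(resolve, origin, probes=3):
    """True when '*.origin' returns the same answer as random unmatched names."""
    star = sorted(resolve("*." + origin))
    for _ in range(probes):
        probe = secrets.token_hex(8) + "." + origin
        if sorted(resolve(probe)) != star:
            return False
    return True

if __name__ == "__main__":
    print(wildcard_predicts_unmatched(lambda q: lookup(ZONE_WITH_WILDCARD, q), "test"))
    print(wildcard_predicts_unmatched(lambda q: synthesizing_lookup(ZONE_NO_WILDCARD, q), "test"))
```

A name below an existing node, such as `a.registered.test`, gets no wildcard answer, which is why the probes are random single labels directly under the zone origin.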