[88011] in North American Network Operators' Group
Re: DOS attack against DNS?
daemon@ATHENA.MIT.EDU (Paul Vixie)
Tue Jan 17 13:33:23 2006
From: Paul Vixie <paul@vix.com>
To: nanog@merit.edu
In-Reply-To: Your message of "Tue, 17 Jan 2006 01:19:21 EST."
<daf8bffd0601162219l7adabb31p7865522450f4e33d@mail.gmail.com>
Date: Tue, 17 Jan 2006 18:15:44 +0000
Errors-To: owner-nanog@merit.edu
# Admitted, i did not notice the type/class difference. I responded as a knee
# jerk reaction, and that is my mistake.
on nanog@, the tradition is to send knee-jerk flames without having read the
article you're replying to. it's our own little slice of usenet-like culture,
still alive a decade or several too late. so you're fitting right in. :-).
# For the second part, the any query type is useful (when targeted at either
# your NS and/or public NS servers) to quickly alert to issues such as the one
# being discussed with GoDaddy and Nectartech right now on this list.
i don't like type ANY very much, since it's a cpu amplification attack vector
against recursive nameservers. however, sendmail uses it in hopes of learning
type MX and type A at the same time, and according to eric, this saves more
network traffic than it generates.
in any case i've not said anything against type ANY. it's common, and seeing
it is not an indication of malicious intent, and it should never be blocked.
my earlier comments on this thread were about "class" ANY, not "type" ANY.
