nanog mailing list archives

Re: Open Resolver Problems


From: Joe Abley <jabley () hopcount ca>
Date: Mon, 25 Mar 2013 16:59:25 -0400


On 2013-03-25, at 16:51, Måns Nilsson <mansaxel () besserwisser org> wrote:

> I've successfully applied the Redbarn patches to my BIND, and I expect
> the NSD rate-control to be of similar quality, or better.

We've formed the opinion at ICANN that the observed reaction to reflection attacks by BIND9 + Schryver/Vixie RRL is 
definitely different from NSD + NSD-RRL, but we don't yet know whether either one is better.

Dave Knight is busy building a test lab at DNS-OARC so he can replay identical attack traffic against BIND9, NSD and 
knot with equivalent RRL configurations to observe their behaviour. The source data he's using initially is from a 
reflection attack against L-Root that landed in Hamburg; if others here have full pcaps of similar events and are 
interested in comparing the reactions to it from those three nameservers, let me know and I can put you in touch.

Dave plans to talk about his methodology and findings at the DNS-OARC workshop in Dublin in May (assuming his 
presentation proposal is accepted).

(The DNS-OARC workshop is cojoined with the RIPE meeting, for those who are DNS-curious and haven't already considered 
a couple of extra days of DNS fun alongside the RIPE meeting they were already planning to attend.)


Joe
