nanog mailing list archives
Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica
From: Damian Menscher via NANOG <nanog () nanog org>
Date: Tue, 4 Aug 2015 09:49:21 -0700
On Tue, Aug 4, 2015 at 9:39 AM, Mark Andrews <marka () isc org> wrote:

> In message <9C2ACA5A-755D-4FCF-8491-745A1F9111BA () puck nether net>, Jared Mauch writes:
> > I recommend using DNSDIST to balance traffic at a protocol level as you
> > can have implementation diversity on the backside.
> >
> > I can send an example config out later for people. You can balance to
> > bind NSD and others all at the same time :-) just move your SPoF
>
> Unless the same client hits the same server all the time this is a bad idea.

But tying a set of clients to the same backend puts them all in the same failure domain....

> Resolvers actually track capabilities of servers as it is the only
> way to get answers due to firewalls dropping legitimate packets and
> protocol misimplementations. Add to that different vendors / versions
> supporting different extensions randomly flipping between vendors /
> versions is fraught with danger unless you take extreme care.

Out of curiosity, do any resolvers other than BIND do this? I ask because BIND has a reputation for having "too many" features, and I wonder if this is one of them.

Damian

> > On Aug 4, 2015, at 10:03 AM, Jay Ashworth <jra () baylink com> wrote:
> > > Everyone got BIND updated?
> > >
> > > http://arstechnica.com/security/2015/08/exploits-start-against-flaw-that-could-hamstring-huge-swaths-of-internet/
> > > --
> > > Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka () isc org