nanog mailing list archives
Re: Sitefinder and DDoS
From: Bruce Campbell <bc-nanog () vicious dropbear id au>
Date: Fri, 10 Oct 2003 09:41:53 +0200 (CEST)
On Thu, 9 Oct 2003, Kee Hinckley wrote:
At 10:41 PM +0300 10/9/03, Petri Helenius wrote:With $100M annual revenue at stake, I would be willing to provide distributed solutions to this problem if you send me a reasonable fraction of that money.But can you do it without breaking the assumption that any lookup on *.TLD will always return the same value as badxxxdomain.TLD?
Well, the problem space is that a wildcard is involved. Since 1034 indicates that the answer for '*.something' is the same as 'otherwise-unmatched.something', I think this assumption is fairly safe. The assumption is not safe if the authoritative nameservers for the underlying zone are not performing according to the DNS specs; ie, they have synthesised answers that are not from a wildcard (which can be queried). --==-- Bruce.
Current thread:
- Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS bmanning (Oct 09)
- Message not available
- Re: Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)
- Message not available
- Re: Sitefinder and DDoS bmanning (Oct 09)
- <Possible follow-ups>
- Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)
- Re: Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS Kee Hinckley (Oct 09)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)
- Re: Sitefinder and DDoS Bruce Campbell (Oct 10)
- Re: Sitefinder and DDoS Owen DeLong (Oct 10)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)