nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: maybe a dumb idea on how to fix the dns problems i don't know....

From: Joe Abley <jabley () ca afilias info>
Date: Sat, 9 Aug 2008 18:15:56 -0400

On 9 Aug 2008, at 18:10, Matt F wrote:
Why not just require TCP for a lookup if a response with an incorrect TXID is received? You could require TCP for just the one lookup or for some configured interval, say 1 hour. That should slow attackers down substantially.
That sounds like a good way for a remote attacker to make a resolver disable UDP transport for a server, more or less at will. I'm not sure I like the sound of that. 


Joe
Previous By Date Next
Previous By Thread Next

Current thread: