nanog mailing list archives

Re: maybe a dumb idea on how to fix the dns problems i don't know....


From: Rob Payne <rnspayne () the-paynes com>
Date: Sun, 10 Aug 2008 17:05:04 -0400

On Sun, Aug 10, 2008 at 01:06:06PM -0700, Chris Paul wrote:
brett watson wrote:
Hey authority DNS server operators. Can you make a change to your 
servers to always allow TCP client connections? Would this be 
difficult? What would be the harm?

SYN flooding?

from your clients? We have ways of knowing people on our local network are 
doing this type of thing and turn them off at the switch today. Why are 
you doing dns recursion for people outside your network?

The question isn't whether to offer TCP/53 up at the recursive
server.  The issue is that for you to use TCP/53 from your recursive
server, it has to be offered up at the authoritative end.  

The authoritative server operators have to offer TCP/53 and the
firewall administrators between the recursive server and the
authoritative servers have to allow the traffic.

                                 -rob
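The check an operator would want after reading this is whether a given authoritative server actually answers over TCP/53 end to end, through whatever firewalls sit in the path. The following is an added example, not code from the thread: it hand-builds a DNS query, frames it with the two-byte length prefix DNS uses on TCP, and reports the response header (a connection refusal or timeout is the failure Rob describes). The server address and zone name are assumptions.

```python
"""Check whether an authoritative name server answers DNS over TCP/53."""
import socket
import struct

def build_query(name: str, qtype: int = 6, txid: int = 0x1234) -> bytes:
    """Encode a standard query (QR=0, RD=0) for `name`; qtype 6 is SOA."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # RD=0: no recursion wanted
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def tcp_frame(msg: bytes) -> bytes:
    """Prefix the message with its big-endian length, as DNS over TCP requires."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(msg: bytes) -> dict:
    """Return the header fields a TCP-reachability check cares about."""
    txid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "rcode": flags & 0x000F,
            "answers": an, "authority": ns}

def _recv_exact(s: socket.socket, n: int) -> bytes:
    """Read exactly n bytes; TCP may split a DNS message across segments."""
    buf = b""
    while len(buf) < n:
        chunk = s.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed before full DNS message arrived")
        buf += chunk
    return buf

def tcp_query(server: str, name: str, qtype: int = 6, timeout: float = 3.0) -> dict:
    """Send one query over TCP/53 and return the parsed response header.

    Raises OSError (refused / timed out) when the authoritative server, or a
    firewall between you and it, does not offer TCP/53."""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(tcp_frame(build_query(name, qtype)))
        length = struct.unpack("!H", _recv_exact(s, 2))[0]
        resp = _recv_exact(s, length)
    hdr = parse_header(resp)
    if hdr["id"] != 0x1234:
        raise ValueError("transaction id mismatch in TCP response")
    return hdr

if __name__ == "__main__":
    # Assumed values: substitute your own authoritative server and zone.
    print(tcp_query("192.0.2.53", "example.com"))
```

A response with `qr` and `aa` set and `tc` clear means the server answered authoritatively over TCP without truncation; an `OSError` on connect is the symptom of TCP/53 being filtered somewhere on the path.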

