nanog mailing list archives

Re: DNS hardening, was Re: Dan Kaminsky

From: Paul Jakma <paul () jakma org>
Date: Thu, 6 Aug 2009 10:04:32 +0100 (BST)

On Thu, 6 Aug 2009, Florian Weimer wrote:

This doesn't seem possible with current SCTP because the heartbeatrate quickly adds up and overloads servers further upstream. Italso does not work on UNIX-like system where processes areshort-lived and get a fresh stub resolver each time they arerestarted.

Stubs on Unix systems can have long-lived processes that handle theactual lookups, the stub component in the process that calls into theresolver then accesses it via IPC. I.e. the NSCD style approach.


regards,
--
Paul Jakma      paul () jakma org       Key ID: 64A2FF6A
Fortune:
As Zeus said to Narcissus, "Watch yourself."

Current thread:

Re: dnscurve and DNS hardening, was Re: Dan Kaminsky, (continued)
- - - Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Douglas Otis (Aug 06)
    - Re: DNS hardening, was Re: Dan Kaminsky John R. Levine (Aug 05)
    - Re: DNS hardening, was Re: Dan Kaminsky Douglas Otis (Aug 05)
    - Re: DNS hardening, was Re: Dan Kaminsky Roland Dobbins (Aug 05)
    - Re: DNS hardening, was Re: Dan Kaminsky Douglas Otis (Aug 05)
    - Re: DNS hardening, was Re: Dan Kaminsky Christopher Morrow (Aug 05)
    - Re: DNS hardening, was Re: Dan Kaminsky Douglas Otis (Aug 05)
    - Re: DNS hardening, was Re: Dan Kaminsky Christopher Morrow (Aug 05)
    - Re: DNS hardening, was Re: Dan Kaminsky Paul Vixie (Aug 05)
    - Re: DNS hardening, was Re: Dan Kaminsky Florian Weimer (Aug 06)
    - Re: DNS hardening, was Re: Dan Kaminsky Paul Jakma (Aug 06)
    - Re: DNS hardening, was Re: Dan Kaminsky Christopher Morrow (Aug 06)
    - Re: DNS hardening, was Re: Dan Kaminsky Paul Vixie (Aug 06)
    - Re: DNS hardening, was Re: Dan Kaminsky Ross Vandegrift (Aug 06)
    - Re: DNS hardening, was Re: Dan Kaminsky Christopher Morrow (Aug 06)
    - Re: DNS hardening, was Re: Dan Kaminsky Steven M. Bellovin (Aug 07)
    - Re: DNS hardening, was Re: Dan Kaminsky Douglas Otis (Aug 10)
    - Re: DNS hardening, was Re: Dan Kaminsky Florian Weimer (Aug 06)
    - A DNSSEC irony Edward Lewis (Aug 06)
    - Re: DNS hardening, was Re: Dan Kaminsky Florian Weimer (Aug 06)
    - Re: DNS hardening, was Re: Dan Kaminsky Florian Weimer (Aug 06)

(Thread continues...)