DOS attack against DNS?

• Previous message (by thread): DOS attack against DNS?
• Next message (by thread): DOS attack against DNS?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Admitted, i did not notice the type/class difference. I responded as a knee
jerk reaction, and that is my mistake.

For the second part, the any query type is useful (when targeted at either
your NS and/or public NS servers) to quickly alert to issues such as the one
being discussed with GoDaddy and Nectartech right now on this list.

Pick and/or set up an NS server that is TTL agnostic (flameArmor: this
system is to be used for disparate up-to-date checks only, and I know by
spec this is far from foolproof but its saved my ass a couple times in the
past) and checks disparate roots and its useful for finding or alerting to
major name system, registrar ,and provider issues quickly.

Im diverging off-topic, im sure. gnight.

On 1/17/06, william(at)elan.net <william at elan.net> wrote:
>
>
> Did you notice that it was class "ANY" and not type "ANY" that Paul noted?
> I've never ever heard of it being used anywhere....
>
> As for ANY query type, what do you think will happen when you query with
> "ANY" to a host in a domain that is not in your local dns server cache?
> And btw if it is in your dns cache, how predictable do you think such
> results are going to be???
>
> On Tue, 17 Jan 2006, Alon Tirosh wrote:
>
> > Not true,. the ANY query has mutliple uses for consolidating multiple
> > diagnostic queries into a single display, and also for diversion
> monitoring
> > systems on small domains or groups of same. Not all of us have the
> resources
> > (or time) of large ISPs behind us.
> >
> > On 15 Jan 2006 17:27:40 +0000, Paul Vixie <vixie at vix.com> wrote:
> >>
> >>> client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E
> >>
> >> class "ANY" has no purpose in the real world, not even for
> debugging.  if
> >> you see it in a query, you can assume malicious intent.  if you hear it
> in
> >> a query, you can safely ignore that query, or at best, map it to class
> >> "IN".
> >> --
> >> Paul Vixie
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20060117/0960b885/attachment.html>

• Previous message (by thread): DOS attack against DNS?
• Next message (by thread): DOS attack against DNS?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]