DOS attack against DNS?

Paul Vixie paul at vix.com
Tue Jan 17 18:15:44 UTC 2006


# Admitted, i did not notice the type/class difference. I responded as a knee
# jerk reaction, and that is my mistake.

on nanog@, the tradition is to send knee-jerk flames without having read the
article you're replying to.  it's our own little slice of usenet-like culture,
still alive a decade or several too late.  so you're fitting right in.  :-).

# For the second part, the any query type is useful (when targeted at either
# your NS and/or public NS servers) to quickly alert to issues such as the one
# being discussed with GoDaddy and Nectartech right now on this list.

i don't like type ANY very much, since it's a cpu amplification attack vector
against recursive nameservers.  however, sendmail uses it in hopes of learning
type MX and type A at the same time, and according to eric, this saves more
network traffic than it generates.

in any case i've not said anything against type ANY.  it's common, and seeing
it is not an indication of malicious intent, and it should never be blocked.
my earlier comments on this thread were about "class" ANY, not "type" ANY.



More information about the NANOG mailing list