large organization nameservers sending icmp packets to dns servers.
Paul Vixie
vixie at vix.com
Wed Aug 8 19:11:48 UTC 2007
i normally agree with doug....
dotis at mail-abuse.org (Douglas Otis) writes:
> Ensuring an authoritative domain name server responds via UDP is a
> critical security requirement. TCP will not create the same risk of a
> resolver being poisoned, but a TCP connection will consume a significant
> amount of a name server's resources.
...but this is flat out wrong, dead wrong, no way to candy coat it, wrong.
--
Paul Vixie
More information about the NANOG mailing list