large organization nameservers sending icmp packets to dns servers.

Paul Vixie vixie at vix.com
Wed Aug 8 19:11:48 UTC 2007


i normally agree with doug....

dotis at mail-abuse.org (Douglas Otis) writes:
> Ensuring an authoritative domain name server responds via UDP is a
> critical security requirement.  TCP will not create the same risk of a
> resolver being poisoned, but a TCP connection will consume a significant
> amount of a name server's resources.

...but this is flat out wrong, dead wrong, no way to candy coat it, wrong.
-- 
Paul Vixie


