DNS hardening, was Re: Dan Kaminsky

• Previous message (by thread): DNS hardening, was Re: Dan Kaminsky
• Next message (by thread): DNS hardening, was Re: Dan Kaminsky
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 6 Aug 2009, Florian Weimer wrote:

> This doesn't seem possible with current SCTP because the heartbeat 
> rate quickly adds up and overloads servers further upstream.  It 
> also does not work on UNIX-like system where processes are 
> short-lived and get a fresh stub resolver each time they are 
> restarted.

Stubs on Unix systems can have long-lived processes that handle the 
actual lookups, the stub component in the process that calls into the 
resolver then accesses it via IPC. I.e. the NSCD style approach.

regards,
-- 
Paul Jakma	paul at jakma.org	Key ID: 64A2FF6A
Fortune:
As Zeus said to Narcissus, "Watch yourself."

• Previous message (by thread): DNS hardening, was Re: Dan Kaminsky
• Next message (by thread): DNS hardening, was Re: Dan Kaminsky
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]