DNS hardening, was Re: Dan Kaminsky
Paul Jakma
paul at jakma.org
Thu Aug 6 09:04:32 UTC 2009
On Thu, 6 Aug 2009, Florian Weimer wrote:
> This doesn't seem possible with current SCTP because the heartbeat
> rate quickly adds up and overloads servers further upstream. It
> also does not work on UNIX-like systems where processes are
> short-lived and get a fresh stub resolver each time they are
> restarted.
Stubs on Unix systems can have long-lived processes that handle the
actual lookups; the stub component in the process that calls into the
resolver then accesses it via IPC, i.e. the NSCD-style approach.
regards,
--
Paul Jakma paul at jakma.org Key ID: 64A2FF6A
Fortune:
As Zeus said to Narcissus, "Watch yourself."