DNS hardening, was Re: Dan Kaminsky
paul at jakma.org
Thu Aug 6 04:04:32 CDT 2009
On Thu, 6 Aug 2009, Florian Weimer wrote:
> This doesn't seem possible with current SCTP because the heartbeat
> rate quickly adds up and overloads servers further upstream. It
> also does not work on UNIX-like system where processes are
> short-lived and get a fresh stub resolver each time they are
Stubs on Unix systems can have long-lived processes that handle the
actual lookups, the stub component in the process that calls into the
resolver then accesses it via IPC. I.e. the NSCD style approach.
Paul Jakma paul at jakma.org Key ID: 64A2FF6A
As Zeus said to Narcissus, "Watch yourself."
More information about the NANOG