Open Resolver Problems

Mark Andrews marka at isc.org
Wed Mar 27 02:27:55 UTC 2013


In message <CAL89Sg+XDKc=_6UWosAZ=wyPJb9tm2GaN0-vDk8Kyiji+vEUUQ at mail.gmail.com>, Tom Paseka writes:
> On Tue, Mar 26, 2013 at 7:04 PM, Matthew Petach <mpetach at netflight.com> wrote:
> 
> > On Tue, Mar 26, 2013 at 6:06 PM, John Levine <johnl at iecc.com> wrote:
> > >> As a white-hat attempting to find problems to address through legitimate
> > >> means, how do you …
> > >
> > > You make friends with people with busy authoritative servers and see
> > > who's querying them.
> >
> > I'm confused.  Don't most authoritative servers have to
> > answer to just about anyone in order to be useful?
> >
> > Matt
> >
> 
> Authoritative DNS servers need to implement rate limiting. (a client
> shouldn't query you twice for the same thing within its TTL).

You are assuming that there is a recursive server making the queries
and that there are not multiple recursive servers behind a NAT.
Neither of these assumptions is true in practice, and with the
deployment of CGNs they will become less true.

I have two recursive servers at home behind a NAT today.  Both do
DNSSEC.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
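As an added illustration of the disagreement above (not code from anyone in the thread), the following models the "a client shouldn't query you twice for the same thing within its TTL" heuristic as an authoritative server would have to apply it, keyed on the source address it actually sees, and runs it over constructed query logs in which two honest recursive resolvers share one NAT address. The TTL, addresses and names are all invented for the example.

```python
"""Added example: TTL-based repeat-query heuristic and its NAT false positive."""

TTL = 300  # seconds; constructed TTL for the example zone


class TtlRepeatDetector:
    """Flags a source that asks for the same (qname, qtype) again before the
    TTL of the previous answer has expired.  The key is the source IP only,
    because that is all an authoritative server sees behind a NAT/CGN."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.last_seen = {}  # (src_ip, qname, qtype) -> time of last answer

    def observe(self, src_ip, qname, qtype, now):
        key = (src_ip, qname.lower().rstrip("."), qtype)
        prev = self.last_seen.get(key)
        self.last_seen[key] = now
        # True means "this looks like a client ignoring the TTL"
        return prev is not None and (now - prev) < self.ttl


def flagged_queries(queries, ttl=TTL):
    """Return the queries the heuristic would flag, in arrival order."""
    det = TtlRepeatDetector(ttl)
    return [q for q in queries
            if det.observe(q["src"], q["qname"], q["qtype"], q["t"])]


# Constructed scenario: two well-behaved recursive resolvers (A and B), each
# with its own empty cache, both NATted to the single public address
# 203.0.113.7.  Each asks once per name per TTL, exactly as it should;
# A re-asks only after its cached answer has expired (t=400 > TTL).
NAT_QUERIES = [
    {"t": 0,   "src": "203.0.113.7", "qname": "www.example.net", "qtype": "A",     "resolver": "A"},
    {"t": 12,  "src": "203.0.113.7", "qname": "www.example.net", "qtype": "A",     "resolver": "B"},
    {"t": 13,  "src": "203.0.113.7", "qname": "example.net",     "qtype": "DNSKEY", "resolver": "B"},
    {"t": 400, "src": "203.0.113.7", "qname": "www.example.net", "qtype": "A",     "resolver": "A"},
]


def false_positive_resolvers(queries=NAT_QUERIES, ttl=TTL):
    """Resolvers that get flagged although every one of them honoured the TTL."""
    return sorted({q["resolver"] for q in flagged_queries(queries, ttl)})


if __name__ == "__main__":
    for q in flagged_queries(NAT_QUERIES):
        print(f"t={q['t']:>3} flagged {q['qname']}/{q['qtype']} from {q['src']} (really resolver {q['resolver']})")
    print("falsely flagged:", false_positive_resolvers())
```

Resolver B's first and only query for www.example.net is flagged because A's query arrived 12 seconds earlier from the same NAT address, while the DNSKEY query and A's post-expiry refresh are correctly left alone; with more resolvers behind a CGN the same heuristic flags more honest traffic.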