In message <[email protected]>, Tony Finch writes:
> Mark Andrews <[email protected]> wrote:
> >
> > Server cookies are the way to go though I would add timestamps so
> > that server secrets don't need to be changed.  The time stamp would
> > have to be within X seconds of the server's current concept of time
> > or it will be treated as a bad cookie.  The time would be concatenated
> > to the rest of the data to be hashed.
>
> Are you referring to this?
> http://tools.ietf.org/html/draft-eastlake-dnsext-cookies

Yes.  It's a reasonable way to identify non-spoofed traffic which
means you can apply filtering techniques to the rest of the traffic
which will be a mix of spoofed and non-spoofed.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [email protected]
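
The timestamped server cookie described in the quoted text, sketched as an added example (not code from this thread or from the draft). HMAC-SHA256, the 8-byte truncation, the 300-second value for "X", the 8-byte client cookie and all function names are assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct
import time
from typing import Optional

WINDOW = 300   # assumed value for "X seconds"
MAC_LEN = 8    # assumed truncation of the hash output


def make_server_cookie(secret: bytes, client_ip: str, client_cookie: bytes,
                       now: Optional[int] = None) -> bytes:
    """Return timestamp || MAC(secret, client IP || client cookie || timestamp)."""
    ts = struct.pack("!I", int(time.time()) if now is None else now)
    # Packed address is 4 or 16 bytes and the other fields are fixed length,
    # so the concatenation is unambiguous.
    data = ipaddress.ip_address(client_ip).packed + client_cookie + ts
    return ts + hmac.new(secret, data, hashlib.sha256).digest()[:MAC_LEN]


def check_server_cookie(secret: bytes, client_ip: str, client_cookie: bytes,
                        cookie: bytes, now: Optional[int] = None) -> str:
    """Classify a returned cookie; anything but "ok" is a bad cookie."""
    if len(cookie) != 4 + MAC_LEN:
        return "malformed"
    now = int(time.time()) if now is None else now
    ts = struct.unpack("!I", cookie[:4])[0]
    # Recompute with the timestamp the client echoed back, compare in
    # constant time, then apply the freshness window.
    expected = make_server_cookie(secret, client_ip, client_cookie, ts)
    if not hmac.compare_digest(expected, cookie):
        return "bad-mac"
    if abs(now - ts) > WINDOW:
        return "expired"
    return "ok"


if __name__ == "__main__":
    secret = b"k" * 32            # constructed sample secret
    ccookie = b"\x01" * 8         # constructed sample client cookie
    c = make_server_cookie(secret, "192.0.2.10", ccookie, now=1000)
    print(check_server_cookie(secret, "192.0.2.10", ccookie, c, now=1200))
    print(check_server_cookie(secret, "192.0.2.10", ccookie, c, now=2000))
    print(check_server_cookie(secret, "198.51.100.7", ccookie, c, now=1200))
```

Because the timestamp is covered by the hash, an old cookie cannot be made fresh by rewriting its first four bytes, and the secret can stay fixed while cookies still age out.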
