Hi everyone,

On Mon, 2012-10-01 at 17:24 +0000, Vernon Schryver wrote:
> After you have rate limiting, why bother with the costs of the
> synthetic CNAMES?

What I suggested was a method for legitimate clients to remove themselves from the rate-limiting blacklist. They get onto the list when an attacker sends spoofed queries using the legitimate client's (e.g. a resolving DNS server of an ISP) IP address as source address. Thus an attacker could "disable" zones for specific ISPs by attacking the rate-limiting authoritative name server of the zone.

Despite my suggestion earlier in this thread, I agree with Paul when it comes to handing out data that are obviously not zone data. Cookies seem more appropriate now.

Best regards

Dan

--
Dan Luedtke
http://www.danrl.de
