* Mark Andrews: > So now recursive servers need to try all the authoritative servers > trying to get a find non broken server. Then they will return SERVFAIL > to the clients which you the hope will do something sensible with the > SERVFAIL response. > > This is a DoS attack on the recursive resolvers. STOP IT.
If BIND has a denial-of-service vulnerability, you need to fix it in your code. Anyone can serve a zone that triggers the vulnerability, so begging authoritative server operators to play along nicely does not solve the problem. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
