samwu(吴洪声) wrote: > in DNSPod, we responded user a random cname like afda7896.dnspod.com > to prevent DNS query flood and avoid TCP issue.
this approach changes the meaning of the dns result, such that the qname is now an alias. some cname-aware protocols like smtp and http will behave differently when you insert a cname chain like this. that's a cost i consider to be too high, even for ddos mitigation. vixie
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
