There's a good question embedded in that discussion: when a resolver fails to get an answer from all of the authoritative nameservers for a domain, why not use the last known answer, even if it's stale?
Yes, that clearly violates the TTL of the rrset, but wouldn't it be overall better for the health of the internet?

On Wed, Dec 24, 2014 at 1:56 AM, Stephane Bortzmeyer <[email protected]> wrote:

> https://news.ycombinator.com/item?id=8784210
>
> After the successful attacks against Rackspace, Namecheap, DNSsimple
> and 1&1, it is clear that DDoS attacks against DNS servers are very
> common this winter, and they succeed :-(
>
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

--
Colm
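
The fallback asked about in this message, sketched as an added example that is not part of the original post or of any resolver's code. The class and exception names, the `max_stale` cap and the short `stale_ttl` are assumptions, and the upstream lookup is a stand-in callable.

```python
import time

class AllServersFailed(Exception):
    """Hypothetical signal: no authoritative server for the zone answered."""

class StaleResolverCache:
    def __init__(self, upstream, max_stale=86400, stale_ttl=30, clock=time.monotonic):
        self.upstream = upstream    # callable (name, rtype) -> (records, ttl)
        self.max_stale = max_stale  # assumed cap (s) on serving past expiry
        self.stale_ttl = stale_ttl  # assumed short TTL handed out with stale data
        self.clock = clock
        self.entries = {}           # (name, rtype) -> (records, expiry)

    def resolve(self, name, rtype):
        key, now = (name.lower(), rtype), self.clock()
        hit = self.entries.get(key)
        if hit and now < hit[1]:
            return hit[0], max(1, int(hit[1] - now)), "cached"
        try:
            records, ttl = self.upstream(name, rtype)
        except AllServersFailed:
            # Only total unreachability triggers the fallback. An authoritative
            # answer (including an empty or negative one) always replaces the cache.
            if hit and now - hit[1] <= self.max_stale:
                return hit[0], self.stale_ttl, "stale"
            raise  # nothing cached, or too old to trust: fail as usual
        self.entries[key] = (records, now + ttl)
        return records, ttl, "authoritative"

def demo():
    """Constructed scenario: 300 s TTL, then the authoritative servers go dark."""
    now, down = [0.0], [False]
    def upstream(name, rtype):
        if down[0]:
            raise AllServersFailed(name)
        return ["192.0.2.10"], 300  # constructed sample record
    cache = StaleResolverCache(upstream, max_stale=3600, clock=lambda: now[0])
    out = [cache.resolve("example.com", "A")[2]]
    down[0] = True
    for t in (100, 400, 3901):  # within TTL, 100 s past expiry, past the stale cap
        now[0] = t
        try:
            out.append(cache.resolve("example.com", "A")[2])
        except AllServersFailed:
            out.append("servfail")
    return out

if __name__ == "__main__":
    print(demo())
```

The cap bounds how long a record the zone owner has since changed or withdrawn can keep being served during an outage.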
