Paul Wouters <[email protected]> wrote:
> On Thu, 5 Mar 2015, Tony Finch wrote:
>
> > > * ANY always returns a TTL of 5 seconds.
> >
> > That 5 second TTL is an artefact of RPZ processing. By default BIND
> > returns the upstream TTL in responses to ANY queries.
>
> Really? Wouldn't that _contribute_ to DDOS attacks when the attacker
> uses open recursives to attack the authoritative servers?

I meant upstream with cache countdown like normal queries, rather than
doing anything funny like squashing to 5s.

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/
South Utsire, Forties, Cromarty, Forth, Tyne, Dogger, Fisher: Southwesterly 5
to 7, occasionally gale 8 in Cromarty. Moderate, occasionally rough. Mainly
fair. Good.
