Re: [DNSOP] Root server tar pitting? Is there a better way?

2016-05-16 Thread John Levine
In article

Re: [DNSOP] Root server tar pitting? Is there a better way?

2016-05-16 Thread Tony Finch
Brian Somers wrote:
> Hi folks,

Hi Brian!

> However, during the attack, we also saw a huge number of TCP sockets in
> TIME_WAIT talking to root servers (probably all root servers). I’m curious if
>
> 1. Are root servers doing some sort of tar pitting where they send a

Re: [DNSOP] Root server tar pitting? Is there a better way?

2016-05-16 Thread John Heidemann
On Mon, 16 May 2016 14:23:49 -0700, Brian Somers wrote:
>Hi folks,
>
>I work at OpenDNS. We saw a DoS attack in Miami on Friday night around
>10-11:00pm PST, consisting of UDP DNS requests for AAA.BBB.CCC.DDD where each
>of AAA, BBB, CCC and DDD are three digit numbers not greater than 500.
>

Re: [DNSOP] Root server tar pitting? Is there a better way?

2016-05-16 Thread Shumon Huque
On Mon, May 16, 2016 at 5:45 PM, bert hubert wrote:
> On Mon, May 16, 2016 at 09:34:17PM +, Wessels, Duane wrote:
> > Hi Brian,
> >
> > I think what you're suggesting has already been proposed. See
>

Re: [DNSOP] Root server tar pitting? Is there a better way?

2016-05-16 Thread bert hubert
On Mon, May 16, 2016 at 09:34:17PM +, Wessels, Duane wrote:
> Hi Brian,
>
> I think what you're suggesting has already been proposed. See
> https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-nsec-aggressiveuse/ and
> https://datatracker.ietf.org/doc/draft-wkumari-dnsop-cheese-shop/

It

Re: [DNSOP] Root server tar pitting? Is there a better way?

2016-05-16 Thread Marek Vavruša
Why not run a local copy of the root? It should be a good practice for large recursives, plus you get better latency.

Marek

On Mon, May 16, 2016 at 2:34 PM, Wessels, Duane wrote:
> Hi Brian,
>
> I think what you're suggesting has already been proposed. See
>

Re: [DNSOP] Root server tar pitting? Is there a better way?

2016-05-16 Thread Wessels, Duane
Hi Brian,

I think what you're suggesting has already been proposed. See
https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-nsec-aggressiveuse/ and
https://datatracker.ietf.org/doc/draft-wkumari-dnsop-cheese-shop/

DW

> On May 16, 2016, at 2:23 PM, Brian Somers wrote:

[DNSOP] Root server tar pitting? Is there a better way?

2016-05-16 Thread Brian Somers
Hi folks,

I work at OpenDNS. We saw a DoS attack in Miami on Friday night around 10-11:00pm PST, consisting of UDP DNS requests for AAA.BBB.CCC.DDD where each of AAA, BBB, CCC and DDD are three digit numbers not greater than 500. Each query was answered with an NXDOMAIN by the root servers,