On 08/25/2014 03:24 PM, Dave Duchscher wrote: > > Cloudflare's response: > >> Hey there, >> >> Because the DNS query "http://reddit.com"; is technically not valid (since >> DNS queries should not contain the protocol URI), CloudFlare's DNS servers >> will not respond to them. >> >> Since these kinds of invalid queries don't get this far in the normal DNS >> system (since they get dropped at the root servers) >> >> Let us know if you need any other help >> Thanks > > > *sigh* >
Wow. Not only is that answer wrong, that approach makes these zones easy to DoS on a number of resolvers. Worse, as someone on IRC just commented, it also makes it much, much easier to do kaminsky-style attacks on those zones. Jelte _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
