[nycbug-talk] dns abuse
akosela at andykosela.com
Wed Jan 21 15:05:09 EST 2009
Miles Nordin <carton at ivy.net> wrote:
> >>>>> "y" == Yarema <yds at coolrat.org> writes:
> y> I can't say enough good things about djbdns.
> I can say a few bad ones.
> no support for ipv6, no standards-compliant secondary dns. no support
> for dyndns and dnssec and thus no support for wide-area dns-sd.
> dns-sd is the best example of DJB's wrong-headedness. It's a
> well-liked protocol which is becoming important, and it gracefully
> builds on standards the rest of us have been carefully laying, one
> stone upon another, for future protocols we couldn't imagine yet
> (dnssec, dynamic updates, IXFR), and now dns-sd comes along as such an
> unimagined protocol using all the prior work.
> y> my servers were not contributing to any DDoSing since they
> y> returns nothing to the . NS query.
> which may well violate some standard, or make something else harder to
Exactly. How are you going to point other nameservers to the root then?
Disabling recursion to WAN is desirable, but I'm not sure about
disabling answering for . zone. So is this some kind of "bug" or not?
More information about the talk