[nycbug-talk] dns abuse
Andy Kosela
akosela at andykosela.com
Wed Jan 21 15:05:09 EST 2009
Miles Nordin <carton at ivy.net> wrote:
> >>>>> "y" == Yarema <yds at coolrat.org> writes:
>
> y> I can't say enough good things about djbdns.
>
> I can say a few bad ones.
>
> no support for ipv6, no standards-compliant secondary dns. no support
> for dyndns and dnssec and thus no support for wide-area dns-sd.
>
> dns-sd is the best example of DJB's wrong-headedness. It's a
> well-liked protocol which is becoming important, and it gracefully
> builds on standards the rest of us have been carefully laying, one
> stone upon another, for future protocols we couldn't imagine yet
> (dnssec, dynamic updates, IXFR), and now dns-sd comes along as such an
> unimagined protocol using all the prior work.
>
> y> my servers were not contributing to any DDoSing since they
> y> return nothing to the . NS query.
>
> which may well violate some standard, or make something else harder to
> debug.
>
Exactly. How are you going to point other nameservers to the root then?
Disabling recursion to WAN is desirable, but I'm not sure about
disabling answering for the . zone. So is this some kind of "bug" or not?
--Andy