North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: DOS attack against DNS?
# Admitted, i did not notice the type/class difference. I responded as a knee # jerk reaction, and that is my mistake. on nanog@, the tradition is to send knee-jerk flames without having read the article you're replying to. it's our own little slice of usenet-like culture, still alive a decade or several too late. so you're fitting right in. :-). # For the second part, the any query type is useful (when targeted at either # your NS and/or public NS servers) to quickly alert to issues such as the one # being discussed with GoDaddy and Nectartech right now on this list. i don't like type ANY very much, since it's a cpu amplification attack vector against recursive nameservers. however, sendmail uses it in hopes of learning type MX and type A at the same time, and according to eric, this saves more network traffic than it generates. in any case i've not said anything against type ANY. it's common, and seeing it is not an indication of malicious intent, and it should never be blocked. my earlier comments on this thread were about "class" ANY, not "type" ANY.