North American Network Operators Group
Re: large organization nameservers sending icmp packets to dns servers.
i normally agree with doug....

dotis@xxxxxxxxxxxxxx (Douglas Otis) writes:

> Ensuring an authoritative domain name server responds via UDP is a
> critical security requirement. TCP will not create the same risk of a
> resolver being poisoned, but a TCP connection will consume a significant
> amount of a name server's resources.

...but this is flat out wrong, dead wrong, no way to candy coat it, wrong.

--
Paul Vixie