Re: maybe a dumb idea on how to fix the dns problems i don't know....

• From: Joe Abley
• Date: Sat Aug 09 18:16:05 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

Why not just require TCP for a lookup if a response with an incorrect TXID is received? You could require TCP for just the one lookup or for some configured interval, say 1 hour. That should slow attackers down substantially.

• References:
  • maybe a dumb idea on how to fix the dns problems i don't know.... Chris Paul
  • RE: maybe a dumb idea on how to fix the dns problems i don't know.... Church, Charles
  • Re: maybe a dumb idea on how to fix the dns problems i don't know.... Joe Abley
  • Re: maybe a dumb idea on how to fix the dns problems i don't know.... Matt F

• Prev by Date: Re: maybe a dumb idea on how to fix the dns problems i don't know....
• Next by Date: Re: DNS attacks evolve
• Date Index
• Thread Index
• Author Index
• Historical