[Devel] asynchronous DNS

Daniel-Constantin Mierla daniel at voice-system.ro
Thu Oct 12 11:39:34 CEST 2006


we were investigating the issue at a moment, it is not that very easy to 
add, but it is in roadmap, maybe with not so high priority as it should. 
We considered that using some cached DNS in the system should avoid 
delays of queries. This not solves the DoS as you said, so a solution 
should be investigated.

By protectiong your network so that only local users can call outside 
domains, you protect yourself a bit. Only if you act as an open relay, 
then you expose a lot. The usual policy should be: anybody can call my 
users and my users can call anybody, I would not recommend anybody to 
anybody on a server.


On 10/12/06 12:30, Klaus Darilion wrote:
> Hi!
> Are there any plans for including an asynchronous DNS resolver into 
> openser? It still bothers me that openser is vulnerable to DNS based 
> DoS attackes (lame delegations (SERVFAIL )are not cached in the 
> resolving DNS server).
> regards
> klaus
> _______________________________________________
> Devel mailing list
> Devel at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/devel

More information about the Devel mailing list