[Devel] asynchronous DNS
Daniel-Constantin Mierla
daniel at voice-system.ro
Thu Oct 12 11:39:34 CEST 2006
Hello,
we were investigating the issue at a moment, it is not that very easy to
add, but it is in roadmap, maybe with not so high priority as it should.
We considered that using some cached DNS in the system should avoid
delays of queries. This not solves the DoS as you said, so a solution
should be investigated.
By protectiong your network so that only local users can call outside
domains, you protect yourself a bit. Only if you act as an open relay,
then you expose a lot. The usual policy should be: anybody can call my
users and my users can call anybody, I would not recommend anybody to
anybody on a server.
Cheers,
Daniel
On 10/12/06 12:30, Klaus Darilion wrote:
> Hi!
>
> Are there any plans for including an asynchronous DNS resolver into
> openser? It still bothers me that openser is vulnerable to DNS based
> DoS attackes (lame delegations (SERVFAIL )are not cached in the
> resolving DNS server).
>
> regards
> klaus
>
> _______________________________________________
> Devel mailing list
> Devel at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/devel
>
More information about the Devel
mailing list