[Devel] asynchronous DNS

Klaus Darilion klaus.mailinglists at pernau.at
Thu Oct 12 12:18:59 CEST 2006


Daniel-Constantin Mierla wrote:
> Hello,
> 
> we were investigating the issue at one point; it is not very easy to 
> add, but it is on the roadmap, maybe not with as high a priority as it 
> should have. We considered that using some cached DNS in the system 
> should avoid delays of queries. This does not solve the DoS, as you 
> said, so a solution should be investigated.
> 
> By protecting your network so that only local users can call outside 
> domains, you protect yourself a bit. Only if you act as an open relay, 
> then you expose a lot. The usual policy should be: anybody can call my 
> users and my users can call anybody, I would not recommend anybody to 
> anybody on a server.

Yes, that's right. At least I can reliably find out who did the DoS 
attack ;-)

IMO it is a shame that bind does not cache lame servers - or does someone 
know a resolving name server which caches SERVFAIL?

regards
klaus

> 
> Cheers,
> Daniel
> 
> 
> On 10/12/06 12:30, Klaus Darilion wrote:
>> Hi!
>>
>> Are there any plans for including an asynchronous DNS resolver into 
>> openser? It still bothers me that openser is vulnerable to DNS-based 
>> DoS attacks (lame delegations (SERVFAIL) are not cached in the 
>> resolving DNS server).
>>
>> regards
>> klaus
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/devel
>>
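
The gap discussed in this thread (a resolver that does not remember SERVFAIL, so every request for the same lame name blocks again) can be narrowed with a small failure cache in front of the blocking lookup. This is an added example, not code from the thread or from openser; `cached_resolve`, `resolve_fn`, `NEG_TTL` and the stub resolver are hypothetical names and values chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <time.h>

#define NEG_SLOTS 64
#define NEG_TTL   60            /* assumed: seconds a failure is remembered */
/* Hypothetical blocking resolver hook: 0 = answer, nonzero = SERVFAIL/timeout. */
typedef int (*resolve_fn)(const char *name);
static struct neg_entry { char name[256]; time_t expires; } neg_cache[NEG_SLOTS];

static struct neg_entry *slot_for(const char *name)
{
    unsigned h = 5381;
    for (; *name; name++)       /* case-insensitive hash: DNS names ignore case */
        h = h * 33 + (unsigned char)(*name | 0x20);
    return &neg_cache[h % NEG_SLOTS];
}

/* 0 = resolved, -1 = resolver failed now, -2 = refused from the failure cache. */
int cached_resolve(const char *name, resolve_fn resolve, time_t now)
{
    struct neg_entry *e = slot_for(name);
    int same = strcasecmp(e->name, name) == 0;
    if (same && e->expires > now)
        return -2;              /* known-bad name: do not block the worker again */
    if (resolve(name) == 0) {
        if (same)
            e->expires = 0;     /* name recovered, forget the old failure */
        return 0;
    }
    snprintf(e->name, sizeof e->name, "%s", name);
    e->expires = now + NEG_TTL; /* remember the failure for NEG_TTL seconds */
    return -1;
}

/* Constructed stand-in for a resolver; a real one would block for seconds here. */
static int upstream_queries;
static int stub_resolve(const char *name)
{
    upstream_queries++;
    return strcmp(name, "lame.example.invalid") == 0;
}

int main(void)
{
    for (int i = 0; i < 5; i++)
        cached_resolve("lame.example.invalid", stub_resolve, 1000 + i);
    printf("5 lookups, %d upstream queries\n", upstream_queries);
}
```

The first lookup of each bad name still blocks; only the repeats within `NEG_TTL` are absorbed, so this reduces the exposure rather than replacing an asynchronous resolver.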



