Sporadic but noticable SERVFAILs in specific nodes of an anycast resolving farm running BIND

sthaug at nethelp.no sthaug at nethelp.no
Sat Mar 8 21:30:06 UTC 2014


> > One mitigation approach is to blackhole the domains using local zones.
> 
> That’s not much of a mitigation. Not having open resolvers would be mitigation.

Not having open resolvers is good - but unfortunately doesn't help
against misbehaving clients (e.g. small home routers with DNS proxies
open to queries from the WAN side).

Steinar Haug, Nethelp consulting, sthaug at nethelp.no


More information about the bind-users mailing list