BIND this easy to DOS? (nobody?)
mayer at gis.net
Mon Jan 16 04:01:08 UTC 2006
Brad Knowles wrote:
> At 10:00 AM +1100 2006-01-16, Mark Andrews wrote:
>> How long are you willing to wait for external DNS to start
>> working after the broken link connecting you to the rest of
>> the world comes up?
> Can we do this as another form of negative caching? It seems to
> me that a reasonably small default should be sufficient in most cases.
I'm troubled by this. There are probably two main categories of
nameservers that don't respond to queries: 1) those that became
unreachable for temporary reasons like power outages or network outages,
etc. and 2) a totally messed up delegation where the nameservers pointed
to are really nowhere.

The difference between the two cases is that the first will come back
at any time while the latter is a mostly unfixable situation that
requires manual intervention at the level up to get the right nameserver
addresses or adding nameservers at the addresses specified.

In the first case, being back at any moment, just trying again makes
sense. In the latter case backing off makes sense. But the real question
is how do you distinguish them operationally?
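
The trade-off debated in this thread can be made concrete with a small simulation, given here as an added example that is not part of the original message and is not BIND code. It sketches one possible policy, a per-server hold-down that doubles on each consecutive timeout, so the resolver never has to classify a silent server up front; the class name, the 2-second base, the 600-second cap and the doubling schedule are all assumptions.

```python
import time


class UnresponsiveServerCache:
    """Hold-down timers for nameservers that did not answer (hypothetical sketch)."""

    def __init__(self, base=2.0, cap=600.0, clock=time.monotonic):
        self.base = base      # assumed small default hold-down, in seconds
        self.cap = cap        # assumed ceiling for persistently silent servers
        self.clock = clock
        self._state = {}      # server address -> (consecutive timeouts, retry_at)

    def holddown_for(self, failures):
        # base * 2^(n-1), capped; the exponent is bounded to avoid float overflow
        return min(self.base * 2 ** min(failures - 1, 32), self.cap)

    def record_timeout(self, server):
        failures = self._state.get(server, (0, 0.0))[0] + 1
        wait = self.holddown_for(failures)
        self._state[server] = (failures, self.clock() + wait)
        return wait

    def record_answer(self, server):
        # Any response clears the history, so a recovered server is used normally.
        self._state.pop(server, None)

    def may_query(self, server):
        entry = self._state.get(server)
        return entry is None or self.clock() >= entry[1]


def simulate(outage_ends_at, duration=3600):
    """One lookup attempt per second against a server that is silent until
    outage_ends_at (None = never answers). Returns (timeouts, first_answer_time)."""
    now = [0]
    cache = UnresponsiveServerCache(clock=lambda: now[0])
    server = "192.0.2.53"     # constructed address from the documentation range
    timeouts = 0
    for t in range(duration):
        now[0] = t
        if not cache.may_query(server):
            continue          # still held down: no packet is sent
        if outage_ends_at is not None and t >= outage_ends_at:
            cache.record_answer(server)
            return timeouts, t
        cache.record_timeout(server)
        timeouts += 1
    return timeouts, None
```

With these assumed values, a server that never answers receives 14 queries in an hour instead of 3600, while a server whose outage ends at t=20 is reached again at t=30, which is the waiting cost raised in the quoted question.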