[bind10-dev] Forwarding from auth, was ddns
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Tue Nov 29 17:31:28 UTC 2011
At Tue, 29 Nov 2011 10:22:24 +0100,
Michal 'vorner' Vaner <michal.vaner at nic.cz> wrote:
> > Among the above problems I personally think the second one is crucial
> > (including cases where the recipient hangs and the write operation on
> > the UNIX domain socket would block) to be "production ready" and
> > should be solved sooner anyway. Maybe we can handle this particular
> > issue in a bit larger context that would cover some of the other
> > topics (but right now I don't have any concrete idea).
>
> Well, we should probably have it non-blocking and some finite queue. If the
> queue is full, drop the requests, the other end and try again?
Yes, something like this, at a lower level. We may want to provide a
bit higher level abstraction on top of it though.
> Or would that be prone to DOS attacks?
DoS attacks on what? As long as the communication is limited among
the internal processes I wouldn't call it an "attack". But, of
course, a naive implementation may lead to "denial of service"
situation when, e.g., the recipient part is very slow or becomes non
responsive while there could actually be a better way to recover.
When we design this we should take into account such
robustness/reliability issues.
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
More information about the bind10-dev
mailing list