Sporadic but noticable SERVFAILs in specific nodes of an anycast resolving farm running BIND

[Kostas Zorbadelos]

LuKreme <kremels at kreme.com> writes:

> On 08 Mar 2014, at 12:52 , Kostas Zorbadelos <kzorba at otenet.gr> wrote:
>
>> One mitigation approach is to blackhole the domains using local zones.
>
> That’s not much of a mitigation. Not having open resolvers would be
> mitigation. 

It is a "quick and dirty" approach, since closing all open resolvers is
much harder and wishful thinking. But of course I agree that actions
must be made for the long-term solution al well.

Regards,

Kostas