Sporadic but noticable SERVFAILs in specific nodes of an anycast resolving farm running BIND
Doug Barton
dougb at dougbarton.us
Sun Mar 9 21:51:15 UTC 2014
On 3/8/2014 1:30 PM, sthaug at nethelp.no wrote:
>>> One mitigation approach is to blackhole the domains using local zones.
>>
>> That�s not much of a mitigation. Not having open resolvers would be mitigation.
>
> Not having open resolvers is good - but unfortunately doesn't help
> against misbehaving clients (e.g. small home routers with DNS proxies
> open to queries from the WAN side).
There is a fairly long list of things that closing open resolvers won't
fix, but one wonders how that is relevant?
More information about the bind-users
mailing list