Once upon a time, David Andersen <d...@cs.cmu.edu> said: > Actually, ". IN NS" is a particularly useful thing for them to do, > because it's an almost globally guaranteed response that will get a > large response and be in cache.
That's only true on servers that aren't well-configured. > "<tld>. IN NS", of course, but the set of things that work well for > such an attack are relatively limited. Try "aol.com. MX", "hotmail.com. MX", any domain with a big SPF TXT record, etc. There's nothing really special about ". NS". If somebody is serving cached data to the world (even if they aren't recursing for the world), there are any number of things that are likely in the cache. And, since most people have SMTP servers, it is often easy to "prime" somebody's cache, since the SMTP servers often use the same DNS servers. -- Chris Adams <cmad...@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
