Mark Andrews wrote on 2022-04-07 17:21:
On 8 Apr 2022, at 09:12, Paul Vixie wrote: ...
wildcard synthesis should always have been resolver-side. now we
live like this. a zero-length EDNS option with a name like REALWILD
that asked the authority server to include *.example.com as an
answer'
> On 8 Apr 2022, at 09:12, Paul Vixie wrote:
> Brian Dickson wrote on 2022-04-07 14:26:
>> ...
>> However, that does provide motivation for (a) signing zones, and (b)
>> resolvers doing validation with synthesis.
>> Together, those reduce (a) load on auth servers, and (b) cache pollution.
>> W
Brian Dickson wrote on 2022-04-07 14:26:
...
However, that does provide motivation for (a) signing zones, and (b)
resolvers doing validation with synthesis.
Together, those reduce (a) load on auth servers, and (b) cache
pollution. Win/win.
if those pigs had wings, they could indeed fly. (t
On Thu, Apr 7, 2022 at 9:51 AM John R. Levine wrote:
> A friend of mine asserts that wildcard DNS records are a problem because
> hostile clients can use them to fill up DNS caches with junk answers to
> random queries that match a wildcard. But it seems to me that you can do
> it just as well w
On 7 Apr 2022, at 18:50, John R. Levine wrote:
> A friend of mine asserts that wildcard DNS records are a problem because
> hostile clients can use them to fill up DNS caches with junk answers to
> random queries that match a wildcard. But it seems to me that you can do it
> just as well with
A friend of mine asserts that wildcard DNS records are a problem because
hostile clients can use them to fill up DNS caches with junk answers to
random queries that match a wildcard. But it seems to me that you can do
it just as well with random queries that match nothing and fill up the
cache