In message <CAL89Sg+XDKc=_6UWosAZ=wypjb9tm2gan0-vdk8kyiji+ve...@mail.gmail.com>, Tom Paseka writes:
> On Tue, Mar 26, 2013 at 7:04 PM, Matthew Petach <mpet...@netflight.com> wrote:
>
> > On Tue, Mar 26, 2013 at 6:06 PM, John Levine <jo...@iecc.com> wrote:
> > >>As a white-hat attempting to find problems to address through legitimate means, how
> > >>do you …
> > >
> > > You make friends with people with busy authoritative servers and see
> > > who's querying them.
> >
> > I'm confused.  Don't most authoritative servers have to
> > answer to just about anyone in order to be useful?
> >
> > Matt
> >
>
> Authoritative DNS servers need to implement rate limiting. (a client
> shouldn't query you twice for the same thing within its TTL).

You are assuming that there is a recursive server making the queries
and that there are not multiple recursive servers behind a NAT.  Neither
of these assumptions is true in practice and with the deployment of CGNs
these will become less true.

I have two recursive servers at home behind a NAT today.  Both do DNSSEC.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
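
The exchange above, as an added example that is not part of the original messages: a strict "one answer per source IP per TTL" limiter run over a constructed query log in which two recursive servers share one NAT address. The addresses, names, TTL and function names are all assumptions made for illustration.

```python
from collections import namedtuple

Query = namedtuple("Query", "t src_ip resolver qname qtype")
TTL = 300  # seconds; constructed TTL for the sample record

# Constructed log as seen by an authoritative server. 203.0.113.7 is a NAT
# address with two independent recursive servers (r1, r2) behind it. The
# 'resolver' field is ground truth the server cannot observe.
SAMPLE = [
    Query(0,   "203.0.113.7",  "r1",   "www.example.com.", "A"),
    Query(12,  "203.0.113.7",  "r2",   "www.example.com.", "A"),
    Query(40,  "198.51.100.9", "solo", "www.example.com.", "A"),
    Query(45,  "203.0.113.7",  "r2",   "www.example.com.", "AAAA"),
    Query(100, "198.51.100.9", "solo", "www.example.com.", "A"),
    Query(310, "203.0.113.7",  "r1",   "www.example.com.", "A"),
    Query(315, "203.0.113.7",  "r2",   "www.example.com.", "A"),
]

def naive_limiter(queries, ttl=TTL):
    """Answer each (source IP, qname, qtype) at most once per TTL; drop the rest."""
    last_answered = {}
    decisions = []
    for q in queries:
        key = (q.src_ip, q.qname, q.qtype)
        prev = last_answered.get(key)
        allowed = prev is None or q.t - prev >= ttl
        if allowed:
            last_answered[key] = q.t
        decisions.append((q, allowed))
    return decisions

def wrongly_dropped(decisions, ttl=TTL):
    """Dropped queries whose sender held no unexpired answer of its own."""
    cached = {}  # (resolver, qname, qtype) -> time that resolver last got an answer
    wrong = []
    for q, allowed in decisions:
        key = (q.resolver, q.qname, q.qtype)
        if allowed:
            cached[key] = q.t
        elif key not in cached or q.t - cached[key] >= ttl:
            wrong.append(q)
    return wrong

if __name__ == "__main__":
    decisions = naive_limiter(SAMPLE)
    for q, allowed in decisions:
        print(f"t={q.t:>3} {q.src_ip:<13} {q.resolver:<4} {q.qtype:<4} {'answer' if allowed else 'DROP'}")
    for q in wrongly_dropped(decisions):
        print(f"wrongly dropped: t={q.t} resolver {q.resolver} behind {q.src_ip}")
```

The repeat from the lone resolver at t=100 is the case the per-TTL rule targets; the two drops of r2 are cache misses from a second server that the limiter cannot tell apart from r1.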