Re: [dns-operations] s3.amazonaws.com problem?

--- Begin Message --- are you showing the answers or is it really sending *cname* queries? Jelte anecdotal 2 cents on aws dns issues: I definitely noticed their problems last night, from what I could tell it wasn't only s3 but all the amazon aws dns services; they were simply dropping many que

Re: [dns-operations] Stunning security discovery: AXFR may leak information

On 04/14/2015 04:48 PM, Mike Hoskins (michoski) wrote: > > Yeah, when I read the AXFR announce my first thought was "wow, CERT must > be bored!" Seemed like old news. That said, open resolvers and BCP38 > should also be old news...but a lot of people don't get it or don't care. > Perhaps it was

Re: [dns-operations] Why are cnames called "canonical" names?

On 04/10/2015 06:28 PM, Fred Morris wrote: > > But gee, people keep going to example.com instead of www.example.com. I'd > better create a CNAME which says "if you're visiting example.com, you > really should be going to www.example.com". > > > > But I can't do that. > ...and that's why it's

Re: [dns-operations] resolvers considered harmful

On 10/23/2014 03:07 AM, Mark Allman wrote: > > On the other hand, an endpoint can look up a name without listening for > any request from the network. We suggest this be an entirely local > operation. Think of it like this: just because I want to load the > cnn.com web page I don't have to run h

Re: [dns-operations] alidns

On 06/17/2014 06:29 AM, Hauke Lampe wrote: > On 16.06.2014 13:58, Stephane Bortzmeyer wrote: > >>> anybody give a test and review on alidns.com? >> >> Lying resolver. (The real addresses are in 173.252.96.0/19) >> >> % dig @223.5.5.5 A facebook.com > >> ;; ANSWER SECTION: >> facebook.com.

Re: [dns-operations] Opinions sought .... have I come to the right place?

On 11/07/2013 03:52 PM, Edward Lewis wrote: > > In experimenting with some recursive servers (and by no means an > exhaustive set), some code bases did adhere to the "rules" and some code > bases seem to ignore the "rules." I say this to the extent that the > collective set of deployed tools out t

Re: [dns-operations] DNS Attack over UDP fragmentation

On 09/04/2013 04:50 PM, Ondřej Surý wrote: > BTW just to complete my question in first email - is there a agreement that > this is serious and needs to be addressed? > Just had a quick read and here are some random thoughts (staying out of solution space for now): Fragmentation has long been k