To:
"Rob Austein" <sra+dnsop@hactrn.net>, <dnsop@cafax.se>
From:
"Matt Larson" <mlarson@verisign.com>
Date:
Fri, 8 Aug 2003 20:39:12 -0400
Sender:
owner-dnsop@cafax.se
Subject:
Re: scope
> In reverse order, yes, I do realize that the root server addresses are > well-known, and that's part of what worries me. Studies of traffic > observed at those servers suggest that a significant fraction of the > total root server query load is the result of bad packet filtering > that lets queries get out but blocks some or all responses. You can say that again. IWFs (Idiots With Firewalls) account for a tremendous volume of repeat queries to the roots. It's more common than you might think. Those same boxes are probably the ones that inform their administrators that the blocked responses are in fact attacks, many of which get dutifully reported. Matt #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.