16 Mar
2004
16 Mar
'04
1:42 p.m.
On Tue, 16 Mar 2004 10:08:28 PST, bill said:
http://www.nanog.org/mtg-0210/wessels.html has some very good information about some of the problems w/ leaked queries.
http://as112.net/ has some mitigation stratagies.
That mitigates the issue, but fails to deal with the root cause. One has to wonder - if a network is spewing enough broken DNS packets that it's noticable, and it's not getting fixed, what *else* is wrong with the network. Remember - every packet you see is a timeout happening back at the misconfigured site. It's like a car with one headlight out - yes, it still works, but whenever I see one on the road, I wonder what ELSE is marginal (like brake pads)....