On Fri, Sep 26, 2003 at 01:35:45PM -0400, Chris Lewis wrote:
> Anything that defaults to "email blocked if DNS doesn't give me an
> answer" is, um, way too dangerous.
It depends.
If you mean "blocked = permanently rejected" I agree.
If you mean "blocked = temp failure" I don't. If you f'cked up your
(caching) DNS you won't get emails out. If you f'cked up your (auth) DNS
you have to solely depend on cached MXs at other caches.
> Ie: You could kill my inbound and outbound mail altogether by DDOS'ing
> _my_ DNS servers. Ouch.
Yeah ... guess what, I could also kill all your inbound and outbound mail
altogether by DDoS'ing your mailservers, and this is by far easier ;-)
> Even in the impossible event that _everyone_ complied with such a
> standard, having your email abruptly stop working altogether if your DNS
> fails is not something I want to propose to the PTBs.
If your DNS fails you have a lot of other things that don't work either.
Inbound and outbound.
In the scenario you describe (i.e. DDoS all DNS servers) I'd prefer
to reject all incoming messages with a temp failure over accepting
500,000 messages because the DDoS was deliberate to get the spam
through. But if they don't get the spam through, why should they DDoS you?
And as you're supposed to
a) split AUTH and CACHE DNS,
b) have AUTH DNS separated to different network branches to make them
   failsafe to network failures,
and c) the spammers surely don't know which CACHE DNS servers your MTAs use,
I don't think this will be too successful an attack.
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
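The distinction argued in this message (a lookup that fails is not the same as a lookup that says "no such domain", so the MTA should answer 4xx rather than 5xx, and a caching resolver keeps serving MX data until the TTL runs out even while the authoritative servers are unreachable) can be shown with a small toy model. This is an added example written for this page, not code from the thread, from any ASRG participant or from any real MTA or resolver; the domains, records, TTLs, the `AuthoritativeServer`/`CachingResolver` classes and the `FakeClock` are all constructed for the illustration.

```python
"""Toy model: a sender-domain MX check whose result is mapped to an SMTP reply,
with a caching resolver in front of an authoritative server that can be
taken offline (the DDoS case from the thread).

Everything here is constructed for illustration; no real DNS traffic is sent.
"""
from dataclasses import dataclass
from enum import Enum


class Outcome(Enum):
    ANSWER = "answer"        # records found
    NXDOMAIN = "nxdomain"    # authoritative "no such name"
    SERVFAIL = "servfail"    # lookup failed (auth unreachable, timeout, ...)


@dataclass
class Record:
    values: list
    expires_at: float


class FakeClock:
    """Controllable clock so TTL expiry can be demonstrated deterministically."""
    def __init__(self, now: float = 0.0):
        self.now = now

    def __call__(self) -> float:
        return self.now


class AuthoritativeServer:
    """Constructed stand-in for a domain's authoritative DNS.
    `reachable = False` simulates the auth servers being DDoS'ed."""
    def __init__(self, zones: dict, ttl: int = 300):
        self.zones = zones
        self.ttl = ttl
        self.reachable = True

    def query_mx(self, domain: str):
        if not self.reachable:
            return Outcome.SERVFAIL, None   # no answer at all, positive or negative
        if domain not in self.zones:
            return Outcome.NXDOMAIN, None   # definitive: the name does not exist
        return Outcome.ANSWER, list(self.zones[domain])


class CachingResolver:
    """The MTA's local cache: serves cached MX data until TTL expiry even when
    the authoritative server is gone; a cache miss while auth is unreachable
    surfaces as SERVFAIL, never as NXDOMAIN."""
    def __init__(self, auth: AuthoritativeServer, clock=FakeClock()):
        self.auth = auth
        self.clock = clock
        self.cache = {}

    def resolve_mx(self, domain: str):
        now = self.clock()
        rec = self.cache.get(domain)
        if rec is not None and rec.expires_at > now:
            return Outcome.ANSWER, rec.values
        outcome, values = self.auth.query_mx(domain)
        if outcome is Outcome.ANSWER:
            self.cache[domain] = Record(values, now + self.auth.ttl)
        return outcome, values


def smtp_reply_for_sender(resolver: CachingResolver, sender_domain: str):
    """Map the DNS outcome for the MAIL FROM domain to an SMTP reply.
    Only a definitive negative answer earns a permanent 5xx; a failed lookup
    gets a 4xx so a legitimate sender retries once DNS is back."""
    outcome, mx = resolver.resolve_mx(sender_domain)
    if outcome is Outcome.ANSWER:
        return 250, "OK (MX: " + ", ".join(mx) + ")"
    if outcome is Outcome.NXDOMAIN:
        return 550, "Sender domain does not exist"
    return 451, "Temporary DNS failure, try again later"


def demo() -> list:
    """Walk through the scenario from the thread; returns the SMTP codes seen."""
    clock = FakeClock(now=1000.0)
    auth = AuthoritativeServer({"example.com": ["mx1.example.com"]}, ttl=300)
    resolver = CachingResolver(auth, clock)
    codes = []
    codes.append(smtp_reply_for_sender(resolver, "example.com")[0])       # 250, fills cache
    auth.reachable = False                                                 # auth DNS DDoS'ed
    codes.append(smtp_reply_for_sender(resolver, "example.com")[0])       # 250, served from cache
    codes.append(smtp_reply_for_sender(resolver, "nosuch.example")[0])    # 451, not 550: unknown, not absent
    clock.now += 301                                                       # cached MX expires
    codes.append(smtp_reply_for_sender(resolver, "example.com")[0])       # 451, temp fail, sender retries
    auth.reachable = True                                                  # auth DNS back
    codes.append(smtp_reply_for_sender(resolver, "nosuch.example")[0])    # 550, definitive NXDOMAIN
    return codes


if __name__ == "__main__":
    print(demo())
```

The point the walk-through makes is the one in the message: while the authoritative servers are down, mail for a domain whose MX is still cached keeps flowing, and a domain that cannot be resolved is deferred (451) rather than rejected, so an outage costs the sender a retry instead of the message; a 550 is only returned once the authoritative server itself says the name does not exist.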