On Jul 28, 2005, at 10:19 AM, Michael Thomas wrote:
> Instead of hand-wringing here, it would be nice to know whether this
> is a real problem or not. I had a lot of the same fears, but Mark
> produced some stats from Y!'s mail server's use of DNS which showed
> this to be essentially a non-problem(*) -- and Y! is certainly going to
> be as worst a case scenario as I can think of. If Mark's experience
> turns out to be the norm, either we should say nothing, or mention
> that the worry here turns out to be a non-issue.

This is for the security considerations. If an attacker can cause
your DNS cache to artificially inflate, then he can degrade your
service. Additionally, the ability for an attacker to cause you to
query his DNS service is a vector for DNS cache poisoning (this
should be appended to Doug's paragraph).
-andy