spf-discuss

Re: RE: rr.com and SPF records

2005-03-22 14:14:00
...... Original Message .......
On Tue, 22 Mar 2005 14:12:42 -0500 Mark Shewmaker <mark(_at_)primefactor(_dot_)com> wrote:
On Sat, Mar 19, 2005 at 09:27:54AM -0500, Scott Kitterman wrote:
If other records that I include count against MY limit, I can go from
a good record to a broken one in no time.  The problem with overall limits
is that they cross administrative boundaries.

Then what if they didn't count against your limit?  Would that both work
and protect against DOS attacks? (Say the recursively-included records
counted up separately.)

For instance, the rules could be:

1.  A limit of ten lookups at the level of the initial record itself.
2.  A limit of ten lookups in any top-referenced record downwards.

This would mean that vanity domains could include major ESP's without
worrying about triggering the limit themselves, but ESP's would still
have to make sure they were well within the limits.

(Meaning that Road Runner shouldn't depend on these limits for the
main rr.com domain.)

It's just like Wayne's latest algorithm, except that the top-most
record is counted by itself, and each top branch formed from the
top record would be counted separately.

So if your record had a total of ten includes or redirects and nothing
else, your record itself wouldn't trigger any limits, but any one of
the included records could.

Would that help things without causing more problems than it solves?

-- 
Mark Shewmaker
mark(_at_)primefactor(_dot_)com

Something like that would work great for me, but I suspect it would be 
subject to amplification problems.

Scott Kitterman
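
The two counting rules discussed in this message, as an added example that is not part of the original thread: it counts the DNS lookups a receiver performs for one check under a single shared budget and under the proposed per-branch budgets. The zone data, the domain names and the `evaluate` and `build_zone` helpers are constructed for illustration, and the set of lookup-costing terms (include, a, mx, ptr, exists, redirect) is assumed to be what the limit counts.

```python
LIMIT = 10
LOOKUP_MECHS = {"a", "mx", "ptr", "exists", "include"}

class LimitExceeded(Exception):
    pass

def lookup_terms(record):
    """Yield the include/redirect target (or None) for every term that costs a DNS lookup."""
    for term in record.split()[1:]:            # skip "v=spf1"
        term = term.lstrip("+-~?")
        if term.startswith("redirect="):
            yield term.split("=", 1)[1]
            continue
        name, _, arg = term.partition(":")
        name = name.split("/", 1)[0]           # drop a CIDR suffix such as "a/24"
        if name in LOOKUP_MECHS:
            yield arg.split("/", 1)[0] if name == "include" else None

def evaluate(zone, domain, per_branch):
    """Return (lookups_performed, within_limit) under one of the two counting rules."""
    total = 0
    def walk(name, budget, top):
        nonlocal total
        for target in lookup_terms(zone[name]):
            budget[0] += 1
            if budget[0] > LIMIT:
                raise LimitExceeded(name)
            total += 1
            if target is not None:
                # Proposed rule: each branch hanging off the top record gets a fresh budget.
                walk(target, [0] if (per_branch and top) else budget, False)
    try:
        walk(domain, [0], True)
        return total, True
    except LimitExceeded:
        return total, False

def build_zone(includes, per_include):
    """Constructed sample data: a top record with `includes` includes, each holding `per_include` a: terms."""
    zone = {"vanity.example": "v=spf1 " + " ".join(
        f"include:esp{i}.example" for i in range(includes)) + " -all"}
    for i in range(includes):
        zone[f"esp{i}.example"] = "v=spf1 " + " ".join(
            f"a:h{j}.esp{i}.example" for j in range(per_include)) + " -all"
    return zone

if __name__ == "__main__":
    for shape in ((1, 10), (10, 10)):
        for per_branch in (False, True):
            print(shape, "per-branch" if per_branch else "shared", evaluate(build_zone(*shape), "vanity.example", per_branch))
```

With one include of a ten-lookup record, the shared budget breaks the including domain while the per-branch rule passes it; with ten such includes the per-branch rule still passes but the receiver has done 110 lookups for a single check.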

