[Dnsmasq-discuss] DNS-Denial-of-Service protection via Distributed Hashtable
Rene Bartsch
ml at bartschnet.de
Fri Aug 22 14:02:27 BST 2014
Hi,
Because of the hierarchical structure of the DNS-system, DDoS-attacks
on nameservers or ISP-resolvers can make the internet unusable for
Dnsmasq users.
Taking the huge number of Dnsmasq installations into account, nearly
every DNS resource record is cached on a Dnsmasq node somewhere on this
planet. If the Dnsmasq nodes connect to each other in a P2P-network they
can even resolve records when upstream resolvers or upstream nameservers
fail temporarily.
So I suggest mapping the DNSSEC-cache in Dnsmasq to a Kademlia DHT and
exchanging DNSSEC-signed resource records via peer-2-peer.
What do you think?
--
Best regards,
Renne