gfolkert wrote:

Along with that, I see a very interesting DoS or DDoS attack using compromised DDNS clients updating their Authoritative DDNS machine thousands of time persecond and then transferring those hundreds of thousands of times to the next upstream DNS machine... and the ROOT servers etc...

I'm unclear about how and why, in the scenario you're describing, infomation would be propagated higher and higher in the chain of authority towards the root. I'm not envisioning an example where that can happen. Maybe it would help if you could post an example, showing what happens with the zonefiles.

E.g., if you have a bunch of machines that have nameservice in zone myddns.org, then they send update IP information to some nameservers that have delegated authority for that forward-lookup second-level domain. The several authoritative nameservers would be set up to update one another: I'm not informed enough on DDNS nameserver administration to know how that happens (never needed DDNS), but that's it. Delegated is delegated.

If I'm missing the nature of what you're asking, please do follow up. An example would probably help.

Rick Moen
rick@linuxmafia.com