[106186] in North American Network Operators' Group

Re: TLD servers with recursion was Re: Exploit for DNS Cache

daemon@ATHENA.MIT.EDU (John Kristoff)
Thu Jul 24 09:43:34 2008

Date: Thu, 24 Jul 2008 08:43:04 -0500
From: John Kristoff <jtk@centergate.net>
Cc: nanog@nanog.org
In-Reply-To: <200807241006.26010.simonw@zynet.net>
Errors-To: nanog-bounces@nanog.org

On Thu, 24 Jul 2008 10:06:25 +0100
Simon Waters <simonw@zynet.net> wrote:

> I checked last night, and noticed TLD servers for .VA and .MUSEUM are
> still offering recursion amongst a load of less popular top level
> domains.
> 
> Indeed just under 10% of the authoritative name servers mentioned in
> the root zone file still offer recursion.

While not ideal, at least most resolvers will not go asking those
servers for anything other than what they are authoritative for unless
an attacker for some reason wanted to set up a long chain of poisons. The
large, shared caching servers and all those open CPE devices are a
much larger concern I think.

John
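
An added example, not part of the thread or written by either poster, showing how an operator can audit the name servers they run for the condition Simon measured: whether an authoritative server sets the RA (recursion available) flag and actually answers a query for a name outside its zones. It uses only the Python standard library, parses the DNS header itself, and ships with constructed sample replies (not captured from any real server) so the classification logic runs offline; the `probe_server` function is the only part that touches the network. The name `example.com.` and the address 192.0.2.1 in the samples are assumptions for illustration.

```python
import socket
import struct

# Flag bits of the 16-bit DNS header flags word (RFC 1035, section 4.1.1).
QR = 0x8000  # message is a response
AA = 0x0400  # authoritative answer
RD = 0x0100  # recursion desired (set by the querier)
RA = 0x0080  # recursion available (set by the server)
RCODE_MASK = 0x000F
RCODE_REFUSED = 5


def encode_name(qname):
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in qname.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, txid, qtype=1):
    """Build a one-question query with RD set, the probe a stub resolver would send."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def parse_header(message):
    """Return the six header fields of a DNS message as a dict."""
    if len(message) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {"id": txid, "flags": flags, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def classify_response(response, expected_id):
    """Classify a server's reply to an off-zone query (a name it is not authoritative for).

    'open'       - RA set and the server produced an answer: open recursion
    'advertised' - RA set but no answer (e.g. REFUSED): recursion claimed, not served to us
    'closed'     - RA clear: authoritative-only behaviour
    """
    h = parse_header(response)
    if h["id"] != expected_id or not h["flags"] & QR:
        raise ValueError("not a response to our query")
    if not h["flags"] & RA:
        return "closed"
    rcode = h["flags"] & RCODE_MASK
    if rcode == 0 and h["ancount"] > 0:
        return "open"
    return "advertised"


def probe_server(server_ip, qname="example.com.", txid=0x1234, timeout=3.0):
    """Send one UDP query for a name outside the server's zones and classify the reply.
    This is the only network call in the module; the offline samples below do not use it."""
    query = build_query(qname, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, 53))
        data, _ = s.recvfrom(4096)
    return classify_response(data, txid)


# Constructed sample replies (not captured from any real server), each echoing
# the question "example.com. IN A" in its question section.
_QUESTION = encode_name("example.com.") + struct.pack("!HH", 1, 1)

# RA set, NOERROR, one A record pointing at a TEST-NET address: open recursion.
SAMPLE_OPEN = (struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0) + _QUESTION
               + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))

# RA set but REFUSED: the server advertises recursion yet does not serve it to this client.
SAMPLE_ADVERTISED = (struct.pack("!HHHHHH", 0x1234, QR | RD | RA | RCODE_REFUSED, 1, 0, 0, 0)
                     + _QUESTION)

# RA clear, REFUSED: a properly closed authoritative-only server.
SAMPLE_CLOSED = (struct.pack("!HHHHHH", 0x1234, QR | RD | RCODE_REFUSED, 1, 0, 0, 0)
                 + _QUESTION)


if __name__ == "__main__":
    for label, pkt in (("open", SAMPLE_OPEN), ("advertised", SAMPLE_ADVERTISED),
                       ("closed", SAMPLE_CLOSED)):
        print(label, "->", classify_response(pkt, 0x1234))
```

The RA bit alone only tells you what the server claims; a server with RA set that still answers REFUSED for off-zone names (the 'advertised' case) is a configuration to tidy up but not an open resolver, which is why the classifier also looks at RCODE and the answer count rather than the flag by itself.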

