[143121] in North American Network Operators' Group
Re: DNS DoS ???
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Fri Jul 29 18:40:29 2011
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Fri, 29 Jul 2011 22:39:46 +0000
In-Reply-To: <CACRGtSOSPm12YE3S=n801ooun32VrXsRfP7yqO55kcHMSnss9A@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jul 30, 2011, at 1:51 AM, Elliot Finley wrote:
> my DNS servers were getting slow so I blocked recursive queries for all b=
ut my own network.
This should be the standard practice. By operating an open recursor, you l=
end your DNS server to abuse as a contributor to DNS reflection/amplificati=
on attacks.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde
