[143148] in North American Network Operators' Group
RE: DNS DoS ???
daemon@ATHENA.MIT.EDU (Frank Bulk)
Sat Jul 30 21:10:06 2011
From: "Frank Bulk" <frnkblk@iname.com>
To: "NANOG list" <nanog@nanog.org>
In-Reply-To: <B618B6AC-BEE8-40B0-9808-062990114681@arbor.net>
Date: Sat, 30 Jul 2011 20:09:18 -0500
Reply-To: frnkblk@iname.com
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
More good stuff here: http://www.team-cymru.org/Services/Resolvers/
Frank
-----Original Message-----
From: Dobbins, Roland [mailto:rdobbins@arbor.net]
Sent: Friday, July 29, 2011 5:40 PM
To: NANOG list
Subject: Re: DNS DoS ???
On Jul 30, 2011, at 1:51 AM, Elliot Finley wrote:
> my DNS servers were getting slow so I blocked recursive queries for all
but my own network.
This should be the standard practice. By operating an open recursor, you
lend your DNS server to abuse as a contributor to DNS
reflection/amplification attacks.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde
