[161688] in North American Network Operators' Group
Re: Open Resolver Problems
daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Mar 25 11:57:27 2013
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <13438.1364226293@turing-police.cc.vt.edu>
Date: Mon, 25 Mar 2013 11:55:12 -0400
To: Valdis.Kletnieks@vt.edu
Cc: North American Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 25, 2013, at 11:44 AM, Valdis.Kletnieks@vt.edu wrote:
> On Mon, 25 Mar 2013 15:38:01 -0000, Nick Hilliard said:
>> On 25/03/2013 14:33, Mikael Abrahamsson wrote:
>>> I would like to be able to request an IP list of open resolvers in =
my ASN,
>>> perhaps sent to the contact details in RIPE whois database to make =
sure I'm
>>> not falsely representing that ASN.
>>=20
>> Why would that matter? This is publicly available information.
>=20
> Some of us have both publicly-facing authoritative DNS, and inward
> facing recursive servers that may be open resolvers but can't be
> found via NS entries (so the IP addresses of those aren't exactly
> publicly available info).
Scoping your responses based on query-source should work just fine in =
this case.
There's documentation on how to do that online here:
http://www.zytrax.com/books/dns/ch9/close.html
I highly recommend doing this with your name server. If you have =
examples of how to do this you want to share and have me post, as I =
mentioned, please send me your edits and additions. I want to make this =
valuable.
- Jared=
