[161760] in North American Network Operators' Group
Re: Open Resolver Problems
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Mar 26 13:17:30 2013
From: Owen DeLong <owen@delong.com>
In-Reply-To: <5151CF28.50605@dougbarton.us>
Date: Tue, 26 Mar 2013 10:10:58 -0700
To: Doug Barton <dougb@dougbarton.us>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 26, 2013, at 9:39 AM, Doug Barton <dougb@dougbarton.us> wrote:
> On 03/26/2013 09:28 AM, Owen DeLong wrote:
>>=20
>> On Mar 26, 2013, at 5:59 AM, Chris Adams <cmadams@hiwaay.net> wrote:
>>=20
>>> Once upon a time, Valdis.Kletnieks@vt.edu <Valdis.Kletnieks@vt.edu> =
said:
>>>> Now explain how you find a recursive nameserver that isn't listed =
in an NS
>>>> entry and *hasn't* been publicized someplace that Google can find =
it.
>>>=20
>>> The same way you find open mail relays, SSH hosts with weak
>>> user/password combos, bad WordPress installs, etc. - scan for them. =
If
>>> it is open to the Internet, it will be found (or probably already =
has
>>> been).
>>>=20
>>=20
>> Let me rephrase the question=85 How do you find an open IPv6 =
recursive name server
>> that isn't listed in an NS entry and hasn't been publicized someplace =
that Google can
>> find it?
>=20
> That question was already answered ... ask the bots what their =
resolving name servers are, then check to see if they are open. As IPv6 =
deployment increases, the answers will increasingly include IPv6 open =
resolvers.
>=20
> Doug
>=20
Let me again rephrase=85
As a white-hat attempting to find problems to address through legitimate =
means, how
do you =85
Owen
