[161797] in North American Network Operators' Group
Re: Open Resolver Problems
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Wed Mar 27 00:25:53 2013
In-Reply-To: <CAEmG1=qgJmvCXg9qvk8RVtURyAWmuQLz7yWraQ4TPUkccPxoLw@mail.gmail.com>
Date: Tue, 26 Mar 2013 19:23:11 -0700
From: Paul Ferguson <fergdawgster@gmail.com>
To: Matthew Petach <mpetach@netflight.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, Mar 26, 2013 at 7:14 PM, Matthew Petach <mpetach@netflight.com> wrote:
>
> The concern Valdis raised about securing recursives while still
> being able to issue static nameserver IPs to mobile devices
> is an orthogonal problem to Owen putting rate limiters on
> the authoritative servers for he.net. If we're all lighting up
> pitchforks and raising torches, I'd kinda like to know at which
> castle we're going to go throw pitchforks.
>
Open Recursive DNS Resolvers.
The need to start seriously addressing this issue is kind of dire. The
problem with DNS Amplification attacks is getting worse, not better.
Oh yeah... and BCP38, too. :-)
They both kind of go hand-in-hand.
- ferg
--
"Fergie", a.k.a. Paul Ferguson
fergdawgster(at)gmail.com
