[162036] in North American Network Operators' Group
Re: Open Resolver Problems
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Mon Apr 1 12:50:50 2013
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Mon, 1 Apr 2013 16:50:30 +0000
In-Reply-To: <6E2EB923-428B-4DBD-9AE6-5E2D670ED5D4@ianai.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Apr 1, 2013, at 11:18 PM, Patrick W. Gilmore wrote:
> Of course, since users shouldn't be using off-net name servers anyway, th=
is isn't really a problem! :)
;>
It's easy enough to construct ACLs to restrict the broadband consumer acces=
s networks from doing so. Additional egress filtering would catch any refl=
ected attacks, per your previous comments.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
