[162041] in North American Network Operators' Group
Re: Open Resolver Problems
daemon@ATHENA.MIT.EDU (Jay Ashworth)
Mon Apr 1 14:19:26 2013
Date: Mon, 1 Apr 2013 14:19:16 -0400 (EDT)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <13505129.460.1364840336312.JavaMail.root@benjamin.baylink.com>
----- Original Message -----
> From: "Roland Dobbins" <rdobbins@arbor.net>
> On Apr 1, 2013, at 11:18 PM, Patrick W. Gilmore wrote:
> > Of course, since users shouldn't be using off-net name servers
> > anyway, this isn't really a problem! :)
>
> ;>
>
> It's easy enough to construct ACLs to restrict the broadband consumer
> access networks from doing so. Additional egress filtering would catch
> any reflected attacks, per your previous comments.

So, how would Patrick's caveat affect me, whose recursive resolver *is
on my Linux laptop*? Would not that recursor be making queries he
advocates blocking?

Or don't I remember DNS well enough?

Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274