[162052] in North American Network Operators' Group
Re: Open Resolver Problems
daemon@ATHENA.MIT.EDU (Niels Bakker)
Mon Apr 1 16:19:52 2013
Date: Mon, 1 Apr 2013 22:19:31 +0200
From: Niels Bakker <niels=nanog@bakker.net>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <44ECD7B5-D9A4-408B-A132-29241DE3A867@ianai.net>
>On Apr 01, 2013, at 11:55 , "Milt Aitken" <milt@net2atlanta.com> wrote:
>>Most of our DSL customers have modem/routers that resolve DNS
>>externally.
>>And most of those have no configuration option to stop it.
>>So, we took the unfortunate step of ACL blocking DNS requests to & from
>>the DSL network unless the requests are to our DNS servers.
>>
>>Suboptimal, but it stopped the DNS amplification attacks.

Wow. Glad I'm not a customer of yours.

* patrick@ianai.net (Patrick W. Gilmore) [Mon 01 Apr 2013, 18:04 CEST]:
>I was going to suggest exactly this.
>
>Don't most broadband networks have a line in their AUP about running
>servers?

Huh? No. Thankfully. Not all of us are mindless consumers.

-- Niels.