[167480] in North American Network Operators' Group
Re: Best practice on TCP replies for ANY queries
daemon@ATHENA.MIT.EDU (SiNA Rabbani)
Thu Dec 12 15:19:54 2013
In-Reply-To: <alpine.LSU.2.00.1312121326440.11548@hermes-2.csi.cam.ac.uk>
Date: Thu, 12 Dec 2013 08:23:10 -0800
From: SiNA Rabbani <sina@redteam.io>
To: Tony Finch <dot@dotat.at>
Cc: NANOG Mailing List <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
http://www.team-cymru.org/Services/Resolvers/
The Internet will be a better place with less open resolvers around.
--SiNA
On Dec 12, 2013 5:32 AM, "Tony Finch" <dot@dotat.at> wrote:
> Anurag Bhatia <me@anuragbhatia.com> wrote:
> >
> > Now I see presence of some (legitimate) DNS forwarders and hence I don't
> > wish to limit queries.
>
> You are going to have to change your mind about this one. Open recursive
> resolvers are a really bad idea, unless you can afford a lot of time and
> cleverness to manage the abuse. Get your users to choose a more
> appropriate name server, and restrict your name server to your local
> networks.
>
> Tony.
> --
> f.anthony.n.finch <dot@dotat.at> http://dotat.at/
> Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at
> first.
> Rough, becoming slight or moderate. Showers, rain at first. Moderate or
> good,
> occasionally poor at first.
>
>
