[167481] in North American Network Operators' Group
Re: Best practice on TCP replies for ANY queries
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Thu Dec 12 15:26:57 2013
Date: Thu, 12 Dec 2013 12:26:35 -0800
From: Paul Ferguson <fergdawgster@mykolab.com>
To: SiNA Rabbani <sina@redteam.io>, Tony Finch <dot@dotat.at>
In-Reply-To: <CAA8U0RTMB1XuagtdzEXz0PickipU4=1cEN4st4qq8StqvjwQCg@mail.gmail.com>
Cc: NANOG Mailing List <nanog@nanog.org>
Reply-To: fergdawgster@mykolab.com
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Also:
http://openresolverproject.org/
Also, open resolvers are harmful to the Internet, so it would not surprise
me to see organizations to begin blocking any communication with them by
published lists open recursive resolvers.
- - ferg.
On 12/12/2013 8:23 AM, SiNA Rabbani wrote:
> http://www.team-cymru.org/Services/Resolvers/
>
> The Internet will be a better place with less open resolvers around.
>
> --SiNA
> On Dec 12, 2013 5:32 AM, "Tony Finch" <dot@dotat.at> wrote:
>
>> Anurag Bhatia <me@anuragbhatia.com> wrote:
>>>
>>> Now I see presence of some (legitimate) DNS forwarders and hence I
>>> don't wish to limit queries.
>>
>> You are going to have to change your mind about this one. Open recursive
>> resolvers are a really bad idea, unless you can afford a lot of time and
>> cleverness to manage the abuse. Get your users to choose a more
>> appropriate name server, and restrict your name server to your local
>> networks.
>>
>> Tony.
>> --
>> f.anthony.n.finch <dot@dotat.at> http://dotat.at/
>> Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at
>> first.
>> Rough, becoming slight or moderate. Showers, rain at first. Moderate or
>> good,
>> occasionally poor at first.
>>
>>
>
>
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 2317)
Charset: utf-8
wj8DBQFSqhvyq1pz9mNUZTMRAiXgAKCDaQ1KmlVCjXKffz0bVmHRGpbwxgCfXEk7
tHQx8SXtY/xNFLm2L3Uu8x8=
=tTIW
-----END PGP SIGNATURE-----
--
Paul Ferguson
PGP Public Key ID: 0x63546533
