[78976] in North American Network Operators' Group
Re: DNS cache poisoning attacks -- are they real?
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Sun Mar 27 16:25:54 2005
Date: Sun, 27 Mar 2005 21:25:29 +0000
From: bmanning@vacation.karoshi.com
To: Joe Maimon <jmaimon@ttec.com>
Cc: nanog@merit.edu
In-Reply-To: <4246E10A.1040501@ttec.com>
Errors-To: owner-nanog@merit.edu
On Sun, Mar 27, 2005 at 11:36:26AM -0500, Joe Maimon wrote:
>
>
>
> Suresh Ramasubramanian wrote:
> >On Sat, 26 Mar 2005 17:52:56 -0500 (EST), Sean Donelan <sean@donelan.com>
> >wrote:
> >
> <snip>
> >
> >Thank $DEITY for large ISPs running open resolvers on fat pipes ..
> >those do come in quite handy in a resolv.conf sometimes, when I run
> >into this sort of behavior.
> >
> >--srs
> >
> >
>
> Slightly OT to parent thread...on the subject of open dns resolvers.
>
> Common best practices seem to suggest that doing so is a bad thing. DNS
> documentation and http://www.dnsreport.com appear to view this negatively.
er... common best practice for YOU... perhaps.
dnsreport.com is apparently someone who agrees w/ you.
and i know why some COMMERCIAL operators want to squeeze
every last lira from the services they offer...
but IMRs w/ unrestricted access are a good a valuable tool
for the Internet community at large.
IMR? - you know, an Interative Mode Resolver aka caching server.
> Joe
--bill
