[78979] in North American Network Operators' Group
Re: DNS cache poisoning attacks -- are they real?
daemon@ATHENA.MIT.EDU (Florian Weimer)
Sun Mar 27 16:49:04 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: Joe Maimon <jmaimon@ttec.com>
Cc: nanog@merit.edu
Date: Sun, 27 Mar 2005 23:46:43 +0200
In-Reply-To: <4246E10A.1040501@ttec.com> (Joe Maimon's message of "Sun, 27 Mar
2005 11:36:26 -0500")
Errors-To: owner-nanog@merit.edu
* Joe Maimon:
> Slightly OT to parent thread...on the subject of open dns resolvers.
>
> Common best practices seem to suggest that doing so is a bad thing.
There was some malware which contained hard-coded IP addresses of a
few open DNS resolvers (probably in an attempt to escape from
DNS-based walled gardens). If one of your DNS resolvers was among
them, I'm sure you'd closed it to the general public, too -- and made
sure that your others were closed as well, just in case.
