[88943] in North American Network Operators' Group
Re: DNS deluge for x.p.ctrc.cc
daemon@ATHENA.MIT.EDU (Nicholas Suan)
Sat Feb 25 05:09:41 2006
Date: Sat, 25 Feb 2006 04:08:53 -0600
From: Nicholas Suan <nsuan@nonexiste.net>
To: bmanning@vacation.karoshi.com
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <20060225084101.GD12328@vacation.karoshi.com.>
Errors-To: owner-nanog@merit.edu
bmanning@vacation.karoshi.com wrote:
>> Limit recursion to trusted netblocks and customers. Do not permit
>> your name servers to provide recursion for the world. If you do,
>> you will contribute to one of these attacks.
>>
>
> <recursion is a fundamental DNS design feature,
> restricting it to "walled gardens" cripples its usefullness>
>
>
I don't really think that preventing every Tom, Dick, and Harry from
using my nameserver to look up domains I'm not authoritative for is
going to cripple DNS. They really should have their own severs that do
that for them, or they should use the ones provided to them by their ISP.
