[89498] in North American Network Operators' Group
Re: DNS Amplification Attacks
daemon@ATHENA.MIT.EDU (Florian Weimer)
Wed Mar 22 14:34:28 2006
From: Florian Weimer <fw@deneb.enyo.de>
To: peter@peter-dambier.de
Cc: nanog@merit.edu
Date: Wed, 22 Mar 2006 20:33:55 +0100
In-Reply-To: <441F2CC6.1080100@peter-dambier.de> (Peter Dambier's message of
"Mon, 20 Mar 2006 23:29:26 +0100")
Errors-To: owner-nanog@merit.edu
* Peter Dambier:
> In germany censoring is commonplace. You have to use foraign resolvers
> to escape it. There is a lot collateral dammage too - governement has
> provided the tools.
This is not true. There has been some questionable advice by a
regulatory body, though. Most damage is done by ISPs which simply do
not adjust the filters to the moving target and run them as-is since
2001 or so. Null routes tend to filter a different customer after
such a long time.
> How about alternative roots? ICANN does censor "XN--55QX5D.", "XN--FIQS8S."
> and "XN--IO0A7I." already. You must use alternative roots to exchange emails
> with people living in those domains.
Unfortunately, they also censor "ENYO.".
