[95555] in North American Network Operators' Group
Re: On-going Internet Emergency and Domain Names
daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Sat Mar 31 06:58:21 2007
Date: Sat, 31 Mar 2007 12:57:26 +0200 (CEST)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.21.0703310532250.18482-100000@linuxbox.org>
Errors-To: owner-nanog@merit.edu
On Sat, 31 Mar 2007, Gadi Evron wrote:
> In this case, we speak of a problem with DNS, not sendmail, and not bind.
The argument can be made that you're trying to solve a windows-problem by
implementing blocking in DNS.
Next step would be to ask all access providers to block outgoing UDP/53 so
people can't use open resolvers or machines set up to act as resolvers for
certain DNS information that the botnets need, as per the same analysis
that blocking TCP/25 stops spam.
So what you're trying to do is a pure stop-gap measure that won't scale in
the long run. Fix the real problem instead of trying to bandaid the
symptoms.
--
Mikael Abrahamsson email: swmike@swm.pp.se
