[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Open Resolver Problems

Subject: Open Resolver Problems
From: jra at baylink.com (Jay Ashworth)
Date: Mon, 1 Apr 2013 14:19:16 -0400 (EDT)
In-reply-to: <[email protected]>

----- Original Message -----
> From: "Roland Dobbins" <rdobbins at arbor.net>

> On Apr 1, 2013, at 11:18 PM, Patrick W. Gilmore wrote:
> > Of course, since users shouldn't be using off-net name servers
> > anyway, this isn't really a problem! :)
> 
> ;>
> 
> It's easy enough to construct ACLs to restrict the broadband consumer
> access networks from doing so. Additional egress filtering would catch
> any reflected attacks, per your previous comments.

So, how would Patrick's caveat affect me, whose recursive resolver *is 
on my Linux laptop*?  Would not that recursor be making queries he 
advocates blocking?

Or don't I remember DNS well enough?

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274

Follow-Ups:
- Open Resolver Problems
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
- Open Resolver Problems
  - From: jabley at hopcount.ca (Joe Abley)

Prev by Date: GlobalCrossing looking glass problem
Next by Date: Open Resolver Problems
Previous by thread: Open Resolver Problems
Next by thread: Open Resolver Problems
Index(es):
- Date
- Thread