[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Best practice on TCP replies for ANY queries
- Subject: Best practice on TCP replies for ANY queries
- From: ahebert at pubnix.net (Alain Hebert)
- Date: Thu, 12 Dec 2013 15:27:19 -0500
- In-reply-to: <CAA8U0RTMB1XuagtdzEXz0PickipU4=1cEN4st4qq8StqvjwQCg@mail.gmail.com>
- References: <CAJ0+aXZ5kC=ngBYdZbK2A+d296uVotdyTHBii4NgJTtbdyGhDw@mail.gmail.com> <[email protected]> <CAA8U0RTMB1XuagtdzEXz0PickipU4=1cEN4st4qq8StqvjwQCg@mail.gmail.com>
The internet will be better without ISP refusing to apply BCP38.
<end of comment>
This is a pointless argument since the majority of the industry
prefer going after the <flavor of the month> UDP flood instead of
curbing the problem at its source once and for all.
-----
Alain Hebert ahebert at pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
On 12/12/13 11:23, SiNA Rabbani wrote:
> http://www.team-cymru.org/Services/Resolvers/
>
> The Internet will be a better place with less open resolvers around.
>
> --SiNA
> On Dec 12, 2013 5:32 AM, "Tony Finch" <dot at dotat.at> wrote:
>
>> Anurag Bhatia <me at anuragbhatia.com> wrote:
>>> Now I see presence of some (legitimate) DNS forwarders and hence I don't
>>> wish to limit queries.
>> You are going to have to change your mind about this one. Open recursive
>> resolvers are a really bad idea, unless you can afford a lot of time and
>> cleverness to manage the abuse. Get your users to choose a more
>> appropriate name server, and restrict your name server to your local
>> networks.
>>
>> Tony.
>> --
>> f.anthony.n.finch <dot at dotat.at> http://dotat.at/
>> Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at
>> first.
>> Rough, becoming slight or moderate. Showers, rain at first. Moderate or
>> good,
>> occasionally poor at first.
>>
>>
>