[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Open Resolver Problems

Subject: Open Resolver Problems
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Mon, 25 Mar 2013 11:25:59 -0400
In-reply-to: Your message of "Mon, 25 Mar 2013 10:22:08 -0400." <[email protected]>
References: <[email protected]>

On Mon, 25 Mar 2013 10:22:08 -0400, Jared Mauch said:
> Some basic stats:
>
> 27 million resolvers existed as of this dataset collection
>
> only 2.1 million of them were "closed".
>
> We have a lot to do to close the hosts, please do what you can to help.

What's the current BCP on how to deal with mobile devices that hard-code
your resolvers in their equivalent of /etc/resolv.conf (often because the
owner of the device trusts their emnployers/whatever resolver more than they
trust the DNS server that the hotel DHCP pointed them at)?

(And yes, I *know* that "point at your employers DNS" works against a
threat model of "local provider is an idiot" and fails against "local
provider is willing to spoof replies from other DNS servers")
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 865 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20130325/f98b5ab4/attachment-0001.bin>

References:
- Open Resolver Problems
  - From: jared at puck.nether.net (Jared Mauch)

Prev by Date: Is multihoming hard? [was: DNS amplification]
Next by Date: Open Resolver Problems
Previous by thread: Open Resolver Problems
Next by thread: Open Resolver Problems
Index(es):
- Date
- Thread