[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Open Resolver Problems
- Subject: Open Resolver Problems
- From: fergdawgster at gmail.com (Paul Ferguson)
- Date: Tue, 26 Mar 2013 19:23:11 -0700
- In-reply-to: <CAEmG1=qgJmvCXg9qvk8RVtURyAWmuQLz7yWraQ4TPUkccPxoLw@mail.gmail.com>
- References: <[email protected]> <[email protected]> <CAEmG1=oXXwHObBcBaRTFTj9-uyq_dFfB4j63LAmKp8Y4hdT+Wg@mail.gmail.com> <CAL89Sg+XDKc=_6UWosAZ=wyPJb9tm2GaN0-vDk8Kyiji+vEUUQ@mail.gmail.com> <CAEmG1=qgJmvCXg9qvk8RVtURyAWmuQLz7yWraQ4TPUkccPxoLw@mail.gmail.com>
On Tue, Mar 26, 2013 at 7:14 PM, Matthew Petach <mpetach at netflight.com> wrote:
>
> The concern Valdis raised about securing recursives while still
> being able to issue static nameserver IPs to mobile devices
> is an orthogonal problem to Owen putting rate limiters on
> the authoritative servers for he.net. If we're all lighting up
> pitchforks and raising torches, I'd kinda like to know at which
> castle we're going to go throw pitchforks.
>
Open Recursive DNS Resolvers.
The need to start seriously addressing this issue is kind of dire. The
problem with DNS Amplification attacks is getting worse, not better.
Oh yeah... and BCP38, too. :-)
They both kind of go hand-in-hand.
- ferg
--
"Fergie", a.k.a. Paul Ferguson
fergdawgster(at)gmail.com