mailing list archives
Re: DNS deluge for x.p.ctrc.cc
From: Joe Provo <nanog-post () rsuc gweep net>
Date: Sat, 25 Feb 2006 11:24:46 -0500
On Sat, Feb 25, 2006 at 08:41:01AM +0000, bmanning () vacation karoshi com wrote:
Limit recursion to trusted netblocks and customers. Do not permit
your name servers to provide recursion for the world. If you do,
you will contribute to one of these attacks.
<recursion is a fundamental DNS design feature,
restricting it to "walled gardens" cripples its usefullness>
The bad guys abused open SMTP relaying and we couldn't use it anymore.*
They've moved to the next thing that is widely open and will be abusable
for a long time while some folks clamp down quickly, others argue against
it, etc. Until we can factor out the bad guys, the diminishing returns
on playing whack-a-mole will force us all to install more functional
equivalent of signs saying "restrooms are for customers only". And no
I don't like it either.
* well, except those who wish to be marginalized.
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
Re: DNS deluge for x.p.ctrc.cc Steven M. Bellovin (Feb 25)
Re: DNS deluge for x.p.ctrc.cc Paul Vixie (Feb 27)