[dns-operations] DNS deluge for x.p.ctrc.cc
jgreco at ns.sol.net
Mon Feb 27 21:31:50 UTC 2006
> ] If shunning would be effective, wouldn't it make more sense to shun
> ] networks that don't implement BCP38? We could fix a wide *range* of
> ] future attack vectors, rather than just this relatively small single
> ] vector that doesn't even address all of the ways to abuse DNS for this
> ] sort of thing.
> Given that we're talking about two likely disparate audiences (DNS
> admins v. network admins), why not do both?
Because shutting down outside access to recursers sucks in many ways.
For a list titled "dns-operations," I am taken aback a bit because it
sounds like nobody here ever has to do the dirty tech work of finding
out why some name is resolving (funny, slow, wrong, not at all, etc),
and having access to query the recursers in question is really helpful.
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
More information about the dns-operations