[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Jul 10 20:34:29 UTC 2006


A big issue with OpenDNS is that it is an open recursive
nameserver. ORNs have been under deep scrutiny recently and this
scrutiny resulted in an Internet-draft
(http://www.ietf.org/internet-drafts/draft-ietf-dnsop-reflectors-are-evil-01.txt)
which explains why it is a bad idea.

So, my first question, since you want to go in the arena is: what
OpenDNS will do in order not to be used as a DoS reflector/amplifier?

See:

http://www.gossamer-threads.com/lists/nanog/users/89657
http://lists.oarci.net/pipermail/dns-operations/2006-February/thread.html
http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf
http://ccnog.org/archive/operations/msg00050.html
http://weblog.barnet.com.au/edwin/cat_networking.html
http://www.isotf.org/news/DNS-Amplification-Attacks.pdf



More information about the dns-operations mailing list