[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

Rick Wesson wessorh at ar.com
Mon Jul 10 20:53:58 UTC 2006


The ORNs discussed in the papers you reference below are for the most 
part ones that are open but not managed as open, i.e. their managers think 
that they are closed but in fact they are not. These [en masse] do pose a threat.

OpenDNS is supposed to be open; it's in their name. The ORNs are not 
supposed to be open but they are.


Stephane Bortzmeyer wrote:
> A big issue with OpenDNS is that it is an open recursive
> nameserver. ORNs have been under deep scrutiny recently and this
> scrutiny resulted in an Internet-draft
> (http://www.ietf.org/internet-drafts/draft-ietf-dnsop-reflectors-are-evil-01.txt)
> which explains why it is a bad idea.
> So, my first question, since you want to go in the arena is: what
> OpenDNS will do in order not to be used as a DoS reflector/amplifier?
> See:
> http://www.gossamer-threads.com/lists/nanog/users/89657
> http://lists.oarci.net/pipermail/dns-operations/2006-February/thread.html
> http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf
> http://ccnog.org/archive/operations/msg00050.html
> http://weblog.barnet.com.au/edwin/cat_networking.html
> http://www.isotf.org/news/DNS-Amplification-Attacks.pdf
