[dns-operations] Too Open (Was: OpenDNS makes your Internet work better
Rick Wesson
wessorh at ar.com
Mon Jul 10 20:53:58 UTC 2006
Stephanie,
The ORNs discussed in the papers you reference below are for the most
part ones that are open but not managed as open. ie their managers think
that they are closed but in fact are not. These [in mass] do pose a threat.
OpenDNS is supposed to be open, its in their name. The ORNs are not
supposed to be open but that are.
-rick
Stephane Bortzmeyer wrote:
> A big issue with OpenDNS is that it is an open recursive
> nameserver. ORNs have been under deep scrutiny recently and this
> scrutiny resulted in an Internet-draft
> (http://www.ietf.org/internet-drafts/draft-ietf-dnsop-reflectors-are-evil-01.txt)
> which explains why it is a bad idea.
>
> So, my first question, since you want to go in the arena is: what
> OpenDNS will do in order not to be used as a DoS reflector/amplifier?
>
> See:
>
> http://www.gossamer-threads.com/lists/nanog/users/89657
> http://lists.oarci.net/pipermail/dns-operations/2006-February/thread.html
> http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf
> http://ccnog.org/archive/operations/msg00050.html
> http://weblog.barnet.com.au/edwin/cat_networking.html
> http://www.isotf.org/news/DNS-Amplification-Attacks.pdf
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list